11 matches found
Malicious code in security.txt (npm)
The package security.txt was found to contain malicious code...
MAL-2025-32883 Malicious code in security.txt (npm)
The package security.txt was found to contain malicious code...
security.txt Detection (HTTP)
Web servers can use a file called security.txt to provide contact information for security researchers and other security-related content. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right...
London Councils & pirate books. Google dorking for subdomain takeovers
TL;DR: Google dorks found me an exploited DigitalOcean subdomain takeover on London Councils’ .gov.uk domain. It used a meta refresh to redirect to a site hosting unprovenanced PDFs. London Councils had a security.txt file which made disclosure a doddle. Their security team were awesome and fixed it...
Malwarebytes' modernized bug bounty program—here's all you need to know
Malwarebytes welcomes and encourages independent researchers reporting vulnerabilities in our products, and has run a bug bounty program for several years. Our security team has spent the last few months modernizing the program and we thought you'd like to hear about it. What is a bug bounty...
Scanning for security.txt files
Introduction RFC 9116 was written by E. Foudil and Y. Shafranovich and left draft status in April 2022. This RFC formally defines the unofficial security.txt file that has been an unofficial standard for many years, initially created back in 2017 and documented at . The security.txt file provides...
Does Your Organization Have a Security.txt File?
It happens all the time: Organizations get hacked because there isn't an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn't entirely clear who should get the report when remote access to an organization's internal network is being so...
Security.txt File Detected
A Security.txt file has been detected on the target. When security risks in web services are discovered by independent security researchers, this file defines the channels to disclose them properly. As a result, security issues may be disclosed by 3rd party researchers securely in a manner define...
Security.txt File Not Detected
A Security.txt file has not been detected on the target. When security risks in web services are discovered by independent security researchers, this file defines the channels to disclose them properly & enables 3rd party researchers to disclose issues securely in a manner defined by the...
contact.sh - An OSINT tool to find contacts in order to report security vulnerabilities
An OSINT tool to find contacts in order to report security vulnerabilities. Installation Linux Make sure you have installed the whois and jq packages. $ git clone https://github.com/EdOverflow/contact.sh.git $ cd contact.sh/ $ chmod u+x contact.sh $ ./contact.sh -d google.com -c google OSX $ brew...
Ed: Chrome Extension is vulnerable to the self-DOS issues in case it process the security.txt with a big size
Description Hello. Before all, thanks for the invite: Here is keyword: frog I discovered the self-DOS issue, which affects Chrome extension. Impact I marked the impact as low, because it will affect only the browser tab, and will not impact other browser tabs. The issue happens due to processing...