dahaboo.com Cross Site Scripting vulnerability OBB-3930183

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

ga.junin.gob.ar Cross Site Scripting vulnerability OBB-3865428

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

umr-marbec.fr Cross Site Scripting vulnerability OBB-3864420

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

lemnet.org Cross Site Scripting vulnerability OBB-3860540

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

paddleboardingguru.com Cross Site Scripting vulnerability OBB-3857672

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

space911.com Cross Site Scripting vulnerability OBB-3856327

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

riftenergycorp.com Cross Site Scripting vulnerability OBB-3856261

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

stargift.ro Cross Site Scripting vulnerability OBB-3852318

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Socks! Our cyber prediction for 2024

I get pretty bored of reading pointless prediction puff pieces from vendors about what is going to happen next year in cyber. Don’t tell me, it’ll be security issues that their next-gen, xDR, paradigm-shifting, lowest TCO turnkey solution resolves. So here’s what I can guarantee for next year:...

Malicious code in netlify-swag (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3694d55c2e008a2b19479d7d295632d06557f2c4ceede0e8a679ea19d44cbc81 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-4807 Malicious code in netlify-swag (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3694d55c2e008a2b19479d7d295632d06557f2c4ceede0e8a679ea19d44cbc81 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers!

Today, we are excited to recognize this quarter’s Microsoft Researcher Recognition Program leaderboard and share new swag awards and improvements to the leaderboard. Congratulations and thank you to everyone for your hard work and continued partnership to secure customers. The top three researche...

Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers!

Today, we are excited to recognize this quarter’s Microsoft Researcher Recognition Program leaderboard and share new swag awards and improvements to the leaderboard. Congratulations and thank you to everyone for your hard work and continued partnership to secure customers. The top three researche...

Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers!

Today, we are excited to recognize this quarter’s Microsoft Researcher Recognition Program leaderboard and share new swag awards and improvements to the leaderboard. Congratulations and thank you to everyone for your hard work and continued partnership to secure customers. The top three researche...

Code Security Advent Calendar 2021

We are happy to announce our sixth consecutive Code Security Advent Calendar! Born at RIPS in 2016, each calendar comprises 24 little code puzzles containing hidden security vulnerabilities that wait to be spotted. This is our way to share good vibes with the community while learning and having f...

The return of the Malwarebytes CrackMe

This blog post was authored by Hasherezade Update: Malwarebytes Crackme : we already have the winners in the category "the fastest solve", congratulations! 1st: @nazywam 2nd: Suvaditya Sur @x0r19x91 3rd:@evandrix But we are still waiting for your submissions! -- Malwarebytes Threat Intelligence...

HackerOne: PII data Leakage through hackerone reports

Summary: I found PII data leakage through the HackerOne report. I found a link in one of the disclosed report that allow me to get the address and phone numbers of security researchers. Here I got the address and phone number of ████ ███ Vulnerability Name: PII data Leakage through Steps to...

h1-ctf: H1 Hackyholidays CTF - The Grinch was defeated

The following writeup will underline all the steps and tools used to solve the 12 challenges of the H1 Holidays CTF. The theme of the competition was the Grinch. How it is possible to read from the competition blog post https://www.hackerone.com/blog/12-days-hacky-holidays-ctf , the goal was to...

h1-ctf: HackyHolidays H1 CTF Writeup

HackyHolidays Day 1 Once the CTF started and the Grinch released the scope hackyholidays.h1ctf.com, I started the CTF by a good old Nmap scan, to see whats running on the server. So the nmap command looked like nmap -sC -sV -oA nmap hackyholidays.h1ctf.com/. The result showed a promising entry...

h1-ctf: 12 Days of CTF Walkthroughs

h1-ctf: 12 Days of Hacky Holidays This is my writeup for 12 Days of Hacky Holidays. The report is written such that beginners to CTFs will be able to learn the tricks of the trade. The Mission: The Grinch has gone hi-tech this year with the intention of ruining the holidays 😱We need you to...