Brave Software: New XSS vector in ReaderMode with %READER-TITLE-NONCE%

A new XSS vulnerability was discovered in Brave iOS 1.31.1 and higher, which allowed attackers to execute malicious scripts on ReaderMode pages. The vulnerability was caused by a relaxation of the CSP rule, which allowed scripts with nonce-%READER-TITLE-NONCE% to be executed. Attackers could...

SwiftBelt - A macOS Enumeration Tool Inspired By Harmjoy'S Windows-based Seatbelt Enumeration Tool

SwiftBelt is a macOS enumerator inspired by @harmjoy's Windows-based Seatbelt enumeration tool. SwiftBelt does not utilize any command line utilities and instead uses Swift code leveraging the Cocoa Framework, Foundation libraries, OSAKit libraries, etc. to perform system enumeration. This can be...

How a Typo Stopped Hackers from Stealing $1 Billion from Bank

Typos are really embarrassing, but this time it saved the Bangladesh Central Bank and the New York Federal Reserve by preventing a nearly $1 Billion £700 Million heist. Last month, some unknown hackers broke into Bangladesh's central bank, obtained credentials needed for payment transfers and the...