javascript – WindowsTechs.com

Apparently malicious website seems like it’s attempting to exfil SSH keys [closed]

Posted on April 1, 2025 by obadz

As I visited this website the other day, after a few minutes I found it displaying error messages looking like this:

This happened when using Firefox on Linux, and Firefox on Mac (on completely different computers, at different locations,… Continue reading Apparently malicious website seems like it’s attempting to exfil SSH keys [closed]→

SideWinder targets the maritime and nuclear sectors with an updated toolset

Posted on March 10, 2025 by Giampaolo Dedola, Vasily Berdnikov

In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors. Continue reading SideWinder targets the maritime and nuclear sectors with an updated toolset→

The GitVenom campaign: cryptocurrency theft using GitHub

Posted on February 24, 2025 by Georgy Kucherin, Joao Godinho

Kaspersky researchers discovered GitVenom campaign distributing stealers and open-source backdoors via fake GitHub projects. Continue reading The GitVenom campaign: cryptocurrency theft using GitHub→

PRevent: Open-source tool to detect malicious code in pull requests

Posted on February 20, 2025 by Zeljka Zorz

Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), and a malicious code detection ruleset for Semgrep and… Continue reading PRevent: Open-source tool to detect malicious code in pull requests→

Java security: If you ain’t cheatin,’ you ain’t tryin’

Posted on February 19, 2025 by mbracken

Rigging the odds in your favor is the only way security practitioners can go.

The post Java security: If you ain’t cheatin,’ you ain’t tryin’ appeared first on CyberScoop.

Continue reading Java security: If you ain’t cheatin,’ you ain’t tryin’→

Can I always exploit the website after getting an alert box? [closed]

Posted on February 16, 2025 by Red Potato

I entered an onclick=’alert("helo there")’ in a button thru inspect and I got an alert.
Can I report the bug like that or should I search for a dangerous payload to get maximum priority?

Also what type of xss is that?

Continue reading Can I always exploit the website after getting an alert box? [closed]→

Nice PDF, But Can It Run Linux? Yikes!

Posted on February 11, 2025 by Heidi Ulrich

Screenshot of Linux in a PDF in a browser

The days that PDFs were the granny-proof Swiss Army knives of document sharing are definitely over, according to [vk6]. He has managed to pull off the ultimate mind-bender: running Linux …read more Continue reading Nice PDF, But Can It Run Linux? Yikes!→

What damage can a malicious site cause with JavaScript?

Posted on January 28, 2025 by Maxfield

People say that JavaScript is potentially dangerous, but are there any good examples of how harmful a site can be for its visitors when JavaScript is enabled?

Continue reading What damage can a malicious site cause with JavaScript?→

XSS javascript does not execute (bug bounty)

Posted on January 12, 2025 by Don Schulz

I am doing a bug bounty and i found an XSS injection point. However most tags are filtered and i have been getting no results in executing JS, i can do what ever HTML i want though
here are some examples as they show id WebDev Tools
<im… Continue reading XSS javascript does not execute (bug bounty)→

How to securely load user genereated Javascript code from IFrame into my website?

Posted on January 9, 2025 by Zurf

Before I start, I have found a few related references to this question, but they are not answered previously or are about a slightly different scenario to mine.
I have the following need. I need a way to let users write Javascript code, wh… Continue reading How to securely load user genereated Javascript code from IFrame into my website?→