Forwarded from The Hacker News
🚨 Hackers are hijacking Google search ads to trick devs into downloading malware disguised as GitHub tools.
The payload? A 128MB file that hides from sandboxes unless your GPU passes its “check.” Info theft & remote access are the endgame.
Details ↓ https://thehackernews.com/2025/09/gpugate-malware-uses-google-ads-and.html
it has been three months since i started this channel and my cybersecurity journey
i hesitated many times to start a channel feeling i have to dig a lot in order to share something but i understood no one started after being perfect but you will get improved through the journey and yeah good to share the journey, getting help from seniors in the field and building community. still just starting but we will grow through time |GOD HELPS|
happy new year !!!
❤5
kid cyber
covering reflected xss...a lot to dig
just found this website to practice xss
https://xss-game.appspot.com/
🔥1
kid cyber
just found this website to practice xss https://xss-game.appspot.com/
here it all starts !!
same origin policy: it stops one website reading or writing data to and from another website
the policy essentially checks for 3 different things in the origin: protocol, host and port
only if the three are the same for two different origins does the browser allow cross read and write
Forwarded from Yekolo Temari (የቆሎ ተማሪ)
Get ready for Ethiopia CyberShield Showdown Week, featuring bootcamps, red-team exploits, incident response simulations, and a high-stakes Capture the Flag (CTF). Join us to learn, compete, and connect with a chance to win prizes, merch, and recognition.
📅 Event Details
🔹 Online Bootcamp: Sept 17 to 18 | 8:00 PM to 10:00 PM
🔹 In-Person CTF: Sept 19 to 21 | 9:00 AM to 5:00 PM
📍 Capstone, ALX Tech Lideta Hub, Lideta
🔗 Register now: https://luma.com/jyu7twze
#ALXEthiopia #CyberShieldShowdown #CTF2025 #Cybersecurity #ALXAfrica #dohardthings #lifeatalx #yekolotemari
❤2
kid cyber
here it all starts !! same origin policy: it stops one website reading or writing data to and from another website the policy essentially checks for 3 different things in the origin: protocol, host and port only if the three are the same for two different…
💡 Same-Origin Policy (SOP)
It prevents one website from reading/writing data to another site unless protocol, host, and port all match.
🔒 But what about attacks like XSS?
Cross-Site Scripting (XSS) is a web vulnerability where attackers inject malicious scripts into trusted websites to run in the victim’s browser.
⚡ Types of XSS:
Stored XSS → Malicious script is permanently saved on the target server (e.g., in a database, comment section).
Reflected XSS → Script comes from a crafted link or request and reflects back in the response.
DOM-based XSS → The attack happens fully on the client side due to unsafe JavaScript handling in the DOM.
👉 In short: XSS abuses the trust a site has with your browser.
Samsung fixes critical zero-day CVE-2025-21043 exploited in Android attacks and releases a security update for these phones https://security.samsungmobile.com/workScope.smsb
Have u ever wondered why college degree is called "bachelor's degree"?
Forwarded from ThreatX Security
🔰 Famous Platforms to practice Pentesting 🔰
tryhackme
https://tryhackme.com
bWAPP
http://itsecgames.com
flAWS Cloud
http://flaws.cloud
Hack Yourself First
http://hackyourselffirst.troyhunt.com
OWASP Juice Shop
http://juice-shop.herokuapp.com
Google Gruyere
https://google-gruyere.appspot.com
Hack Me
https://hack.me
HackTheBox
https://hackthebox.eu
Root-Me
https://root-me.org
XSS Game
https://xss-game.appspot.com
Pentesterlab
https://pentesterlab.com
OverTheWire
https://overthewire.org/wargames/
Hacking Lab
https://hacking-lab.com/index.html
IO
http://io.netgarage.org
smashthestack
http://smashthestack.org
microcorruption
https://microcorruption.com/login
ExploitMe Mobile
http://securitycompass.github.io/AndroidLabs/index.html
Hax.Tor
http://hax.tor.hu/welcome/
Java Vulnerable Lab
https://github.com/CSPF-Founder/JavaVulnerableLab
Pwnos
http://pwnos.com
Ringzero
https://ringzer0team.com/challenges
Avatao
https://avatao.com
GameOver
https://sourceforge.net/projects/null-gameover/
HSCTF3
http://hsctf.com
#ThreatX
#ThreatXSecurity
TryHackMe
TryHackMe | Cyber Security Training
TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!
👍2
Forwarded from The Hacker News
🚨 Chrome users: a new zero-day is under active attack.
CVE-2025-10585 targets Chrome’s V8 engine—Chrome’s 6th zero-day of 2025.
Details → https://thehackernews.com/2025/09/google-patches-chrome-zero-day-cve-2025.html
⚡ Update now: 140.0.7339.185/.186 (Win/macOS), 140.0.7339.185 (Linux).
If you use Edge/Brave/Opera/Vivaldi, patch too.
👍4
Linux and DevOps
just wanted to rehearse the basics and i feel i didn't do enough labs there so ....yeah i'm not here for shortcut just building strong foundations will share the labs and some reports 😊
not to end up being a script kiddie😁
👍3
Forwarded from 《MELEX IT®》
🚨 Big News for Hackers in Ethiopia! 🚨
Introducing Bug Sphere 🕵️♂️💻 — Ethiopia’s FIRST Bug Bounty Platform!
A place where ethical hackers, security researchers, and tech enthusiasts come together to hack, secure, and earn rewards. 🏆
🔒 Help companies stay safe.
💰 Get rewarded for your skills.
🌍 Be part of Ethiopia’s cybersecurity revolution.
👉 Join the Waitlist today and be among the first hackers to get access!
📌 https://www.bug-sphere.com/
⚡️ Don’t just watch the future happen — hack it with Bug Sphere!
#BugSphere #Ethiopia #BugBounty #HackTheFuture
@MelaSec
Bug Sphere
Bug Sphere - Ethiopia's Premier Cybersecurity Platform | Bug Bounty & Security Research
Bug Sphere connects Ethiopian organizations with top security researchers through our comprehensive cybersecurity platform. Discover vulnerabilities, enhance digital security, and protect your assets with ethical hacking and professional security assessments.…