Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148 hacks.mozilla.org/2026/02/good...
Total.js RCE gadgets all around lab.ctbb.show/research/tot...
the watchers: How openai, the US government, and persona built an identity surveillance machine that files reports on you to the feds vmfunc.re/blog/persona
MCP Server Security: The Hidden AI Attack Surface:
www.praetorian.com/blog/mcp-ser...
Hi Robin, I've just tested it using a Romanian IP, and everything works fine on my end.
Notepad++ Hijacked by State-Sponsored Hackers notepad-plus-plus.org/news/hijacke...
Poland CERT Report: Coordinated Cyber Sabotage Hits 30+ Wind/Solar Farms & CHP Plant (Dec 29, 2025) cert.pl/en/posts/202...
We're expanding localized pricing to Romania!
Individual plan prices drop by 55%:
- Monthly: 20 USD -> 9 USD
- Yearly: 200 USD -> 90 USD
Know a hacker in Romania who's been waiting? Tag them!
caido.io/pricing?utm_...
Voting is now live for the top ten web hacking techniques of 2025! Grab a brew, browse the 61 quality nominations and cast your vote on the most creative and ground-breaking techniques:
portswigger.net/polls/top-10...
OWASP Secure Headers Project: We have added information and examples regarding the Trusted Types feature of the Content-Security-Policy header.
owasp.org/www-project-...
#appsec #appsecurity #owasp_shp
Venezuela and Ukraine expose the clearest form of double standards in international politics: when similar actions are taken by different actors, they are judged by entirely different criteria. Those who condemn Russia for intervening in Ukraine often welcome or justify US intervention in Venezuela.
Despite fixed borders, the United States claims ownership of the West. Trump says it openly, echoed by Marco Rubio: this is our hemisphere. Such words expose hegemony. Faced with Trump's illegal acts, the EU behaves as a complicit impostor, submissive, silent, ready to drag the West into barbarism.
When the US kidnaps a foreign president with Western applause, no law protects anyone. Iraq, Libya, Syria, Ukraine show wars are thefts of resources. Narco-terror claims mask oil and gold looting. Power rules, rights vanish, democracy is a lie!
I don't understand how these clubs are allowed to operate, why fireworks are permitted indoors, why the ceilings are so highly flammable, and, more importantly, why there are no proper emergency exits. It is as if they are designed to be death traps.
It happened in Romania under almost identical circumstances: the ceiling caught fire due to fireworks, killing over 60 people.
Shlomo Kramer, co-founder of Check Point, Imperva, and Cato Networks, has stated that "it's time to limit the First Amendment. We need to control all social platforms... and take control of what they are saying."
Turning List-Unsubscribe into an SSRF/XSS Gadget security.lauritz-holtmann.de/post/xss-ssr...
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack gist.github.com/hackermondev...
Bypass CSP in a single click using my new Custom Action, powered by @renniepak.nl's excellent CSP bypass project.
Meet AutoVader. It automates DOM Invader with Playwright Java and feeds results back into Burp. Faster client-side bug hunting for everyone.
thespanner.co.uk/autovader
Grok - Elon Musk's AI chatbot - has been caught handing out home addresses of ordinary individuals... on demand.
When asked, Grok was willing to provide step-by-step instructions on how to stalk these people...
Read more in my article on the Bitdefender blog: www.bitdefender.com/en-us/blog/h...
We now have a (draft) @metasploit-r7.bsky.social exploit module for the recent Fortinet FortiWeb vulns, chaining CVE-2025-64446 (auth bypass) + CVE-2025-58034 (command injection) to achieve unauthenticated RCE with root privileges: github.com/rapid7/metas...
Introducing the OWASP Top 10:2025
owasp.org/Top10/2025/0...
Tenable Research has discovered seven vulnerabilities and attack techniques in ChatGPT, including unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms. www.tenable.com/blog/hackedg...
Phrack 72 Has Been Published phrack.org/issues/72/1
IP data on compromised instances shared in our Compromised Website report tagged 'fortiweb-compromised': www.shadowserver.org/what-we-do/n...
IP data on exposed instances is in our Device ID report: www.shadowserver.org/what-we-do/n... (device model is set to FortiWeb Management Interface)
true legend!
opossum-attack.com <- Opossum is a cross-protocol application layer desynchronization attack that affects TLS-based application protocols that rely on both opportunistic and implicit TLS. Among the affected protocols are HTTP, FTP, POP3, SMTP, LMTP and NNTP.