🔥 CVE-2025-13282 (HIGH): Chunghwa Telecom TenderDocTransfer allows unauth'd file deletion via CSRF & path traversal flaws. Block app/API ports, educate users, and back up data! No patch yet. Details: https://radar.offseq.com/threat/cve-2025-13282-cwe-352-cross-site-request-forgery--6b3e8d3f #OffSeq #CSRF #infosec #vuln

⚠️ CVE-2025-13283 (HIGH): Chunghwa Telecom TenderDocTransfer has a CSRF & path traversal vuln—lets unauth attackers copy/paste files via APIs. Phishing = risk of data leaks & DoS. Restrict & monitor now! https://radar.offseq.com/threat/cve-2025-13283-cwe-352-cross-site-request-forgery--0bcb621a #OffSeq #Vuln #CSRF #InfoSec

Mastodon!   Intentando configurar #linkding con #docker y #nginx como #reverseProxy pero me da errores de #csrf
😩

El lado del mal - HackedGPT: Cómo explotar "Weaknesses" en ChatGPT para hacer Phishing o Exfiltrar Datos https://www.elladodelmal.com/2025/11/hackedgpt-como-explotar-weaknesses-en.html #ChatGPT #GPT #Phishing #PromptInjection #Bing #CSRF #IA #AI #Ciberseguridad #Hacking

Top Advanced XSS Payloads That Still Work in 2025
This article explores advanced Cross-Site Scripting (XSS) payloads that remain effective in 2025 despite modern security defenses. XSS continues to be a persistent vulnerability due to the complexity of modern web frameworks (React, Vue, Angular) that generate dynamic content with intricate JavaScript behavior patterns. The advanced payloads discussed focus on bypass techniques that overcome common defenses like Content Security Policy (CSP) filters and sanitization libraries. These sophisticated attack vectors leverage encoding obfuscation, DOM event manipulation, and framework-specific vulnerabilities to evade traditional filter-based defenses. The exploitation techniques include payload variations that target complex JavaScript execution contexts, utilizing obscure DOM events, and exploiting implementation flaws in client-side security controls. Modern XSS payloads often combine multiple evasion techniques including character encoding manipulation, filter bypass through context switching, and leveraging browser-specific parsing behaviors. The tools and methodologies mentioned focus on advanced testing frameworks that can identify XSS vulnerabilities in complex web applications. The significance of these payloads lies in their continued effectiveness against inadequate input validation and sanitization implementations. The impact ranges from session hijacking and credential theft to complete client-side system compromise. Bug bounty hunters and penetration testers need to understand these advanced techniques as they represent real-world threats that traditional security measures often fail to detect. The article emphasizes that despite framework improvements, XSS remains a critical vulnerability requiring continuous research and adaptation of both attack and defense strategies. #infosec #BugBounty #Cybersecurity #XSS #WebSecurity #Payload #Exploit #CSRF
https://medium.com/@xmxa-tech/top-advanced-xss-payloads-that-still-work-in-2025-58f11191df8f?source=rss------bug_bounty-5