Hey Fediverse. Can you get @zaproxy to 15k ⭐️?
#OpenSource #DAST #AppSec #WebAppSec #ITSec #CyberSec #PenTest #BugBountyTips
Current Stars 14500
I completed the Web Security Academy lab:
2FA simple bypass
#authentication_bypass #WebAppSec
https://portswigger.net/web-security/authentication/multi-factor/lab-2fa-simple-bypass
I just completed the Web Security Academy lab:
Authentication bypass via OAuth implicit flow
#AuthenticationBypass #WebAppSec #Cybersecurity
https://portswigger.net/web-security/oauth/lab-oauth-authentication-bypass-via-oauth-implicit-flow
Ever found /backup.zip five minutes before your report was due?
Yeah - this one's for you.
We just gave our URL Fuzzer a good refresh - cleaner look, more detailed specs, and faster results you can truly act on.
Because attackers love the stuff no one remembers to lock down:
/backup.zip
/admin-old/
/staging/
…you get the idea.
Now it's even easier to:
✅ Uncover unlinked or forgotten resources
✅ Spot exposed config files, DB dumps, and admin panels
✅ Cut through static and surface real exposure - fast
Try the new experience: https://pentest-tools.com/website-vulnerability-scanning/discover-hidden-directories-and-files
This year I'm again giving a workshop on "Web Application Security" at ditact. It's a hands-on intro in which we work our way interactively into the ethical hacking of web apps.
Quick facts:
* Sept. 1-2
* On site at the TechnoZ campus of the University of Salzburg
* short intro to Web Application Security
* then iteratively get to know 4 common vulnerabilities, try exploiting them, and discuss how we prevent them
More details here: https://ditact.ac.at/course/2615-kurs-web-application-security-hands-on-intro
Okay let's talk #WednesdayWin. Please share your stories no matter how big or small. Our community: #InfoSec #CyberSec needs to hear some positive stories. All accomplishments count.
For me: 11 years in Open Source #OpenSource
According to LinkedIn I've been working in/on Open Source for 11 years. I suspect that's on the low side, between ZAP and OWASP, but whatever.
Huge thanks to Checkmarx for making it possible for me to work on it full time as of last fall. It's been just over 200 days, and it's wonderful!
The @zaproxy team did some stuff in March. You can get the details here:
https://www.zaproxy.org/blog/2025-04-02-zap-updates-march-2025/
malicious npm packages (again) targeting cryptocurrency projects, CEOs cranky over CVEs, and BlackLock gets pantsed - here's your Friday wrap up in Infosec News
https://opalsec.io/daily-news-update-friday-march-28-2025-australia-melbourne/
Here's a quick rundown of what's inside:
- npm Package Nightmare: 10 packages compromised by an infostealer campaign targeting developer environments. Sensitive data was siphoned off to a remote host. Most of the packages are still available on npm, so be careful!
- Firefox Flaw: A critical sandbox escape vulnerability (CVE-2025-2857) patched in Firefox 136.0.4. Windows users, update ASAP! This one's similar to a Chrome zero-day used in espionage campaigns.
- Ransomware Reckoning: Advanced, a UK healthcare IT provider, slapped with a £3.1 million fine after a LockBit ransomware attack. Lack of vulnerability scanning and poor patch management were key factors.
- Extension Exploitation: Browser extensions can be bought and repurposed, posing a sneaky threat to enterprises. An extension was bought for $50 and was quickly repurposed to redirect traffic.
- Solar Scare: Dozens of vulnerabilities in solar inverters could let attackers disrupt power grids. Remote code execution, device takeover, and more are possible.
- CrushFTP Clash: CEO responds aggressively to VulnCheck after critical unauthenticated access vulnerability (CVE-2025-2825) is released. Vulnerability disclosure and patching processes need to be improved!
- Pegasus in Serbia: Journalists targeted with Pegasus spyware, marking the third time in two years that Amnesty has found Pegasus deployed against Serbian civil society.
- Mamont Malware: Russian authorities arrest three for developing the Mamont Android banking trojan. This malware steals financial data and spreads through Telegram.
- Ransomware Reverse: Resecurity infiltrates the BlackLock ransomware gang, gathering intel to help victims. LFI vulnerability exploited, and data shared with authorities.
Stay vigilant out there, folks! 🛡️
#Cybersecurity #InfoSec #Vulnerability #Ransomware #Malware #npm #Firefox #Pegasus #SolarInverters #DataBreach #ThreatIntel #CyberThreats #SecurityNews #WebAppSec #ZeroDay #PatchManagement #infostealer #blacklock #crushftp #mamont
Infostealer Campaign Compromises 10 npm Packages
Ten npm packages were updated with malicious code to steal environment variables and other sensitive data from developers' systems. The campaign targeted multiple cryptocurrency-related packages, and the popular 'country-currency-map' package was downloaded thousands of times a week. All these packages, except for country-currency-map, are
@zaproxy release 2.16.1 just landed: https://www.zaproxy.org/blog/2025-03-25-zap-2-16-1/
Giant set of #zaproxy add-on releases this morning. Including many fixes and improvements.