#pentesting

Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://chaos.social/@HonkHase" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>HonkHase</span></a></span> yes, the <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpSec</span></a> of those <a href="https://infosec.space/tags/KRITIS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KRITIS</span></a> is practically nonexistent.</p><ul><li>And no, I will not go into details.</li></ul><p>Just this much: nobody who is authorized to do so is paying me for <a href="https://infosec.space/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a>!</p>
<p>wow .. this is amazing: A handheld <a href="https://techhub.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> terminal (running <a href="https://techhub.social/tags/kali_linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kali_linux</span></a>) using <a href="https://techhub.social/tags/RaspberryPi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RaspberryPi</span></a> Zero 2W as Core with 4" 720X720 TFT display and the original BlackBerry Keyboard <a href="https://github.com/ZitaoTech/Hackberry-Pi_Zero" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/ZitaoTech/Hackberry</span><span class="invisible">-Pi_Zero</span></a> </p><p><a href="https://techhub.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://techhub.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://techhub.social/tags/ethicalhacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ethicalhacking</span></a> <a href="https://techhub.social/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://techhub.social/tags/kalilinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kalilinux</span></a></p>
CyberEthical.Me<p>I just pwned MisCloud on Hack The Box!<br><a href="https://labs.hackthebox.com/achievement/sherlock/555018/759" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">labs.hackthebox.com/achievemen</span><span class="invisible">t/sherlock/555018/759</span></a> <br><a href="https://infosec.exchange/tags/HackTheBox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HackTheBox</span></a> <a href="https://infosec.exchange/tags/htb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>htb</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EthicalHacking</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PenTesting</span></a></p>
0x40k<p>Yo, IT-Sec crowd! ✌️</p><p>Anyone else noticing how *everyone* seems to be talking about AI-powered security tools these days? Yeah, it's everywhere. But let's be real for a sec – are they *truly* as amazing as the hype suggests? 🤔</p><p>I mean, okay, AI can definitely be useful for spotting anomalies and patterns, no doubt about that. But here's a thought: what happens if the AI itself gets compromised? Or what about when it starts churning out false alarms simply because it doesn't *really* grasp the situation? 🤖</p><p>Honestly, I've got my reservations. While automation is certainly nice to have, I'm convinced a skilled pentester, you know, one with actual brainpower and a strategic approach, still outsmarts any AI – at least for the time being. 😎 And look, if AI eventually *does* get significantly better, well, that just means it's time for us to add another skill to our toolkit. 🤷‍♂️</p><p>So, what's your perspective on this? Do you see AI completely taking over the pentesting scene, or is that human touch going to remain irreplaceable? 🔥 Let the debate begin!</p><p><a href="https://infosec.exchange/tags/AISecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AISecurity</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hacking</span></a></p>
CyberEthical.Me<p>I just pwned Compromised on Hack The Box! <a href="https://labs.hackthebox.com/achievement/sherlock/555018/758" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">labs.hackthebox.com/achievemen</span><span class="invisible">t/sherlock/555018/758</span></a> </p><p><a href="https://infosec.exchange/tags/HackTheBox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HackTheBox</span></a> <a href="https://infosec.exchange/tags/htb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>htb</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EthicalHacking</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PenTesting</span></a></p>
nickbearded<p>From day one, TShark has been an essential part of <a href="https://mastodon.social/tags/BashCore" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BashCore</span></a>. It’s not just a substitute for Wireshark—it’s the same powerful engine, but fully command-line. If you’re serious about network analysis and pentesting, mastering TShark is a must.</p><p>It has nothing less than Wireshark, just no GUI. Learn it, and you’ll have full control over packet capture and analysis, even on minimal systems.</p><p><a href="https://www.wireshark.org/docs/man-pages/tshark.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wireshark.org/docs/man-pages/t</span><span class="invisible">shark.html</span></a></p><p><a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/Networking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Networking</span></a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/TShark" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TShark</span></a> <a href="https://mastodon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://mastodon.social/tags/NoGUI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NoGUI</span></a></p>
halil deniz<p>SQL Injection Cheat Sheet: A Comprehensive Guide<br><a href="https://denizhalil.com/2025/04/02/sql-injection-cheat-sheet/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">denizhalil.com/2025/04/02/sql-</span><span class="invisible">injection-cheat-sheet/</span></a></p><p><a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.social/tags/websecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>websecurity</span></a> <a href="https://mastodon.social/tags/sql" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sql</span></a> <a href="https://mastodon.social/tags/sqlinjection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sqlinjection</span></a> <a href="https://mastodon.social/tags/webapplicationsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webapplicationsecurity</span></a> <a href="https://mastodon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://mastodon.social/tags/ethicalhacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ethicalhacking</span></a> <a href="https://mastodon.social/tags/blogger" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blogger</span></a></p>
0x40k<p>FIN7 *again*? Seriously, these guys just don't quit, do they? 🙄</p><p>Heads up – they've cooked up an Anubis backdoor using Python. And nope, *it's not* the Android Trojan people know. It's pretty wild what this thing packs: we're talking remote shell capabilities, file uploads, messing with the registry... 🤯 Basically, the keys to the kingdom!</p><p>And let me tell you from a pentester's perspective: Just relying on AV? That's *definitely* not gonna cut it anymore. We all know that, right?</p><p>Looks like they're slipping in through compromised SharePoint sites now? Yikes. The nasty part? A Python script decrypts the payload *directly in memory*, making it incredibly tough to spot! 🥴 Plus, their command and control chats happen over a Base64-encoded TCP socket.</p><p>So, keep a *sharp eye* on those ZIP attachments! Double-check your SharePoint sites' integrity. You'll also want to monitor network traffic closely (especially that TCP activity!). And make sure your endpoint security is actually up to snuff – remember, they love finding ways to bypass defenses!</p><p>How are *you* tackling threats like this one? What are your go-to tools and strategies for defense? 
🤔 Let's share some knowledge!</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/FIN7" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FIN7</span></a> <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>APT</span></a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://infosec.exchange/tags/SharePoint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SharePoint</span></a> <a href="https://infosec.exchange/tags/WindowsSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WindowsSecurity</span></a></p>
OWASP Foundation<p>Master Modern Web App Security at OWASP Global AppSec EU 2025 in Barcelona!</p><p>2-Day Training | May 27-28, 2025 <br>Level: Intermediate | Trainer: Abraham Aranguren </p><p>Take a 100% hands-on deep dive into the OWASP Security Testing Guide and Application Security Verification Standard (ASVS) in this action-packed course. </p><p>Register now ⬇️ <br><a href="https://owasp.glueup.com/event/123983/register/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">owasp.glueup.com/event/123983/</span><span class="invisible">register/</span></a></p><p><a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASP</span></a> <a href="https://infosec.exchange/tags/AppSecEU2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSecEU2025</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PenTesting</span></a> <a href="https://infosec.exchange/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebSecurity</span></a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DevSecOps</span></a> <a href="https://infosec.exchange/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NodeJS</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Barcelona" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Barcelona</span></a></p>
0x40k<p>Whoa, talk about déjà vu! Seems like Firefox is playing catch-up right after Chrome dropped a fix for a sandbox escape. 🤯 Keep an eye out for CVE-2025-2857.</p><p>So, what's the deal? In short, this nasty bug could let an attacker break right out of the browser's protective sandbox. And *that* means they could potentially gain full access to your system. Yeah, pretty scary stuff. 😱</p><p>If you're running Firefox on Windows, heads up! This affects versions 136.0.4, ESR 115.21.1, and ESR 128.8.1. This whole situation feels familiar because Chrome *just* patched CVE-2025-2783, a similar issue that attackers were already actively exploiting out in the wild!</p><p>Make no mistake, sandbox escapes are a huge deal. As a pentester, I can tell you: vulnerabilities like this get weaponized *fast*. Don't wait around.</p><p>Seriously, update your Firefox ASAP! Trust me, you don't want to deal with the fallout if someone exploits this. It could get costly, fast.</p><p>Ever seen a browser exploit do its thing live? Wild, right? Drop your stories below!</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/firefox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firefox</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/updateNOW" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>updateNOW</span></a></p>
LMG Security<p>Learn how to pentest your own network in our new step-by-step guide from Senior Cybersecurity Consultant Bryan Bijonowski Jr. Bryan explains why penetration testing is crucial for identifying weaknesses before attackers do, then guides IT professionals through the process of pentesting their own networks to strengthen their organization's defenses and significantly reduce cybersecurity risks!</p><p>Check it out: <a href="https://www.lmgsecurity.com/how-to-pentest-your-own-network-a-7-step-guide-for-it-pros/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">lmgsecurity.com/how-to-pentest</span><span class="invisible">-your-own-network-a-7-step-guide-for-it-pros/</span></a></p><p><a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentest</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/riskmanagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>riskmanagement</span></a> <a href="https://infosec.exchange/tags/ITsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>ITsecurity</span></a> <a href="https://infosec.exchange/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IT</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CISO</span></a></p>
0x40k<p>Whoa, just stumbled onto something pretty wild: "Atlantis AIO." Heard it called the Swiss Army knife for credential stuffing! 🔪</p><p>Not sure what that is? Okay, picture this: hackers grab massive batches of leaked passwords. Then, they just systematically try those logins *everywhere*. Atlantis AIO basically automates that whole nasty process, making it super efficient for them.</p><p>And yeah, that means your Netflix, your email, even your online banking could be in the crosshairs! 🎯</p><p>Now, speaking from my experience as a pentester, it's frighteningly common to see how effective credential stuffing is, *especially* when people aren't using MFA. Sure, complex password rules are a start, but honestly, they often just aren't enough on their own.</p><p>Multi-Factor Authentication (MFA)? *That's* the real gamechanger here. 🔑 Seriously, turning it on wherever you can makes a massive difference.</p><p>Anyway, curious to hear from you all – have any of you run into attacks like this before, or seen the fallout? What happened? Drop your stories below!</p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a></p>
0x40k<p>Seriously, Broadcom... what's the deal lately? 🤯</p><p>First up, we've got CVE-2025-22230 hitting VMware Tools for Windows. This nasty bug basically lets standard users inside a VM escalate their privileges to admin level. Yikes! 😬 With a CVSS score of 7.8, you'll want to jump on this fix ASAP. It impacts versions 11.x.x and 12.x.x, so upgrading to 12.5.1 needs to be right at the top of your list!</p><p>But wait, there's more. CrushFTP is also sounding the alarm about unauthenticated access vulnerabilities lurking on HTTP(S) ports in versions 10 and 11. It's definitely time to double-check those DMZ configurations. Rapid7 has confirmed that exploits are out there, allowing unauthorized access. Pretty intense, right?</p><p>Stuff like this is a stark reminder: while automated scans have their place, they just don't cut it alone. Real-deal penetration testing is absolutely essential. Those manual checks are what uncover the sneaky issues that automated tools often breeze right past.</p><p>What's your take on this recent wave? How are you keeping your own environments locked down tight? 
Let's talk 👇</p><p><a href="https://infosec.exchange/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITSecurity</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/VMware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VMware</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/VulnerabilityManagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VulnerabilityManagement</span></a></p>
IT News<p>Physical Key Copying Starts With a Flipper Zero - A moment’s inattention is all it takes to gather the information needed to make a ... - <a href="https://hackaday.com/2025/03/25/physical-key-copying-starts-with-a-flipper-zero/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackaday.com/2025/03/25/physic</span><span class="invisible">al-key-copying-starts-with-a-flipper-zero/</span></a> <a href="https://schleuss.online/tags/lockpickinghacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lockpickinghacks</span></a> <a href="https://schleuss.online/tags/duplicating" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>duplicating</span></a> <a href="https://schleuss.online/tags/flipperzero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>flipperzero</span></a> <a href="https://schleuss.online/tags/lockpicking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lockpicking</span></a> <a href="https://schleuss.online/tags/locksports" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>locksports</span></a> <a href="https://schleuss.online/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a></p>
Florian<p>When I started the IC_Null channel the idea was to cover topics primarily about <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a>, <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a>, <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> etc. from a <a href="https://infosec.exchange/tags/blind" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blind</span></a> perspective. Blind as in <a href="https://infosec.exchange/tags/screenReader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>screenReader</span></a> user, that is. But an overarching topic is showing off what jobs are (up to a point) doable for this demographic and where the obstacles are. Today's stream leans that way: we'll be looking at the premier <a href="https://infosec.exchange/tags/translation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>translation</span></a> and <a href="https://infosec.exchange/tags/localization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>localization</span></a> tool, Trados Studio. Supposedly they have upped their <a href="https://infosec.exchange/tags/accessibility" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>accessibility</span></a> as of late. 
I'll be the judge of that 💀<br>I'll see you all on <a href="https://infosec.exchange/tags/youtube" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>youtube</span></a> and <a href="https://infosec.exchange/tags/twitch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>twitch</span></a> just under 1.5 hours from now. https://twitch.tvic_null <a href="https://youtube.com/@blindlyCoding" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtube.com/@blindlyCoding</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/selfPromo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfPromo</span></a> <a href="https://infosec.exchange/tags/stream" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>stream</span></a> <a href="https://infosec.exchange/tags/trados" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>trados</span></a></p>
0x40k<p>Whoa, 112 SaaS apps per company? Seriously?! 🤯 Most folks don't even realize what's going on...</p><p>SaaS security is a *huge* deal. I mean, who's actually patching Office 365 correctly? And are you really keeping an eye on permissions? Probably not.</p><p>We've got Shadow IT, misconfigurations, and third-party risks – the whole shebang! Every app's different. One wrong setting? It is Jackpot time for attackers!</p><p>As a pentester, I often see how much SaaS is underestimated. I had a client once tell me, "We've got a firewall!" Yeah, but that doesn't cover, well, *everything*.</p><p>Your SaaS security needs a holistic approach. AI can help, sure, but it's not a magic bullet. Data is crucial for AI, as we know! And AI likes to, shall we say, make stuff up sometimes!</p><p>So, go check your SaaS configs! Keep an eye out for Shadow IT and third-party vendors. AI tools are cool for monitoring. But, you know, keep it real! Don't forget about those penetration tests!</p><p>How are *you* securing your SaaS environment? What red flags have you spotted? Let's hear it!</p><p><a href="https://infosec.exchange/tags/SaaS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SaaS</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudSecurity</span></a></p>
0x40k<p>Wow, things are getting wild in the Kubernetes world! The name alone – "IngressNightmare" – gives me chills! 🤯 It's crucial to know this affects the Ingress NGINX Controller, *not* the NGINX Ingress Controller. That's a big difference!</p><p>Wiz really uncovered something huge. We're talking over 6,500 vulnerable clusters, with the potential for some serious Remote Code Execution (RCE). Ouch! They found that a scary 43% of cloud environments are impacted.</p><p>It appears that these kinds of vulnerabilities often slip past standard scans. You really need manual penetration testing to catch them. And as a pentester myself, I can tell you, it's frequently like digging for buried treasure! 😅</p><p>Here are the CVEs to watch out for: CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-1974. These have a CVSS score of 9.8! So, you'll want to update to 1.12.1, 1.11.5, or 1.10.7 *immediately*. Another crucial step? See if your Admission Webhook Endpoint is exposed. Make sure you're limiting access. Don't need it? Then, turn it off!</p><p>So, what are your experiences with K8s security? I'm curious, what tools do you swear by? 🤔</p><p><a href="https://infosec.exchange/tags/kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kubernetes</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devsecops</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudsecurity</span></a></p>
0x40k<p>Whoa, the IT security world was on FIRE this week! 🤯 Open source supply chain attacks, malware sneaking into the Play Store, ransomware bypassing EDR... and is AI just pouring gasoline on the phishing flames?! Seriously intense! 😳 Cloud security's getting a raw deal and let's be real, backups are only as good as their security.</p><p>It's wild how rapidly the threat landscape's evolving, isn't it? Gotta stay sharp, folks! Automated vulnerability scans? They're definitely nice, but manual penetration tests are still essential. And AI? Awesome tech, but also seriously risky. Disinformation and manipulation are spiraling out of control. We've gotta stay vigilant!</p><p>So, what are *your* biggest IT security pain points right now? Spill the beans!</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/offensiveSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>offensiveSecurity</span></a></p>
Konstantin :C_H:<p>With <a href="https://infosec.exchange/tags/CVE_2025_29927" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2025_29927</span></a>, Next.js has now suffered its second major vulnerability in just three months, following <a href="https://infosec.exchange/tags/CVE_2024_51479" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2024_51479</span></a>.</p><p>I originally built CVE Crowd with <a href="https://infosec.exchange/tags/NextJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NextJS</span></a>.</p><p>However, as the application became more complex (especially with authentication), I decided to switch to a framework I was more familiar with.</p><p>Honestly, I’m feeling a bit relieved about that right now...</p><p><a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hacking</span></a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> <a href="https://infosec.exchange/tags/CVECrowd" class="mention hashtag" rel="nofollow 
noopener noreferrer" target="_blank">#<span>CVECrowd</span></a></p>
Teri Radichel<p>Seeking signs of <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> posts on this platform. Or information on <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> what’s causing <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>databreach</span></a> es and how to stop them.</p>