Payload: Ứng dụng tạo ghi chú định dạng đa dạng lưu trữ NGAY TRONG URL! ✨ Mọi dữ liệu tự chứa trong liên kết - không qua máy chủ, hoạt động offline.
✅ Tự chứa toàn bộ nội dung
✅ Chỉ lưu trên trình duyệt
✅ Không tài khoản, không theo dõi
✅ Tối giản, miễn phí
Phù hợp nội dung ngắn/tb, tạo mã QR dễ dàng. Không dùng AI!
#Payload #Notes #Privacy #Offline #Markdown #NoServer
#TựChứaDữLiệu #GhiChú #RiêngTư #NgoạiTuyến #WebApp
https://www.reddit.com/r/SideProject/comments/1q6cofv/payload_c
XSSNow is a Practical Tool for Ethical XSS Testing and Learning
https://orendra.com/blog/xssnow-is-a-practical-tool-for-ethical-xss-testing-and-learning/ #opensource #xss #payload #hacking #ethicalhacking
#blue_team #malware #payload #browser #image #steganography #exif #clickfix #filefix #cahche_smuggling
Использовать Exif для скрытия данных — не новая идея. Но раньше это делали в сценариях, где само вредоносное ПО скачивает картинку и достает из неё payload. Добавляем Cache Smuggling и любой софт, кэширующий изображения и не удаляющий Exif - пассивный канал доставки второго этапа, без сетевой активности со стороны вредоноса.
А это - загрузчики, которым не нужно связаться с командным сервером (C2-less loaders). Загрузчик может не выполнять веб-запросы, а просто мониторить локальный кэш в поисках файлов, содержащих заранее определенные сигнатуры.
Отсюда вытекает главный вывод для безопасников: нельзя полагаться на предпосылку «если скрипт не делает сетевых запросов, значит, он не получил payload». Если второй этап уже «доставлен» в систему через кэширование, любые меры безопасности, ограничивающие способность скрипта делать веб-запросы, окажутся неэффективными.
#red_team #malware #payload #browser #image #steganography
В кэше — фотка, в ней payload: новый метод скрытой доставки зловредов.
Атака, комбинирующая две техники: принуждение к локальному исполнению (ClickFix/FileFix) и контрабанду кэша (Cache Smuggling).
При этом используется стеганография для внедрения вредоносного payload-а в изображение, которое загружается браузером и сохраняется в его кэше. Вредонос маскируется в байтах графического файла, что позволяет обходить СЗИ и системы детектирования сетевого трафика. При последующем обращении к странице или по команде скрипта происходит извлечение и исполнение скрытого кода из кэшированного изображения.
Поскольку кэш браузера обычно не подвергается глубокому инспектированию, а изображения считаются легитимными статическими ресурсами, техника имеет на редкость высокую эффективность и простоту реализации.
Botnet RondoDox explora falha crítica na plataforma XWiki para lançar ataques
🔗 https://tugatech.com.pt/t74401-botnet-rondodox-explora-falha-critica-na-plataforma-xwiki-para-lancar-ataques
#botnet #criptomoedas #cve #endpoint #grave #Groovy #Hacking #http #java #malware #partido #payload #segurança #servidor #servidores #vulnerabilidade #vulnerabilidades
Facebook phishing pages
Last spring, I resurrected my https://www.inoreader.com/ account to get RSS feed subscriptions for news sources. My email accounts are so over run that I’m not likely to track what’s happening local through them. So, I made a change.
Today, looking through, I noticed an article about a suspicious death and police soliciting for more information. Knowing many of the local Facebook groups are super gossipy, I searched on the victim’s name seeking for find more information.
Instead, I got what looks like a bunch of phishing in the search results. They looks like news articles, but they are fake news organizations. “6 News Mk” is just article after article with the same couple of photos of a “police line do not cross” yellow tape for different events to spam Facebook. The oldest one is from Friday and newest is from Saturday. I would bet they used AI to spew a bunch of posts at Facebook. Some kind of throttling shut down the postings, but no moderation has deleted them. Safely capturing the URL portraying as the full article, it looks like it has a payload.
There’s not really a Facebook option to report that a page is attempting to infect or compromise visitors. (I didn’t link to them because I don’t want my readers to accidentally compromise their computers.)
Also, I found a dozen different ones impersonating a news organizations doing the same for stories about this victim. There’s more of this stuff than results I’d deem legitimate.
I don’t know that staying away from the dark corners of Facebook will help. The goal of these phishing pages is to get them into the news feeds of victims. Facebook needs to do better.
Top Advanced XSS Payloads That Still Work in 2025
This article explores advanced Cross-Site Scripting (XSS) payloads that remain effective in 2025 despite modern security defenses. XSS continues to be a persistent vulnerability due to the complexity of modern web frameworks (React, Vue, Angular) that generate dynamic content with intricate JavaScript behavior patterns. The advanced payloads discussed focus on bypass techniques that overcome common defenses like Content Security Policy (CSP) filters and sanitization libraries. These sophisticated attack vectors leverage encoding obfuscation, DOM event manipulation, and framework-specific vulnerabilities to evade traditional filter-based defenses. The exploitation techniques include payload variations that target complex JavaScript execution contexts, utilizing obscure DOM events, and exploiting implementation flaws in client-side security controls. Modern XSS payloads often combine multiple evasion techniques including character encoding manipulation, filter bypass through context switching, and leveraging browser-specific parsing behaviors. The tools and methodologies mentioned focus on advanced testing frameworks that can identify XSS vulnerabilities in complex web applications. The significance of these payloads lies in their continued effectiveness against inadequate input validation and sanitization implementations. The impact ranges from session hijacking and credential theft to complete client-side system compromise. Bug bounty hunters and penetration testers need to understand these advanced techniques as they represent real-world threats that traditional security measures often fail to detect. The article emphasizes that despite framework improvements, XSS remains a critical vulnerability requiring continuous research and adaptation of both attack and defense strategies. #infosec #BugBounty #Cybersecurity #XSS #WebSecurity #Payload #Exploit #CSRF
https://medium.com/@xmxa-tech/top-advanced-xss-payloads-that-still-work-in-2025-58f11191df8f?source=rss------bug_bounty-5
ClickFix: O ciberataque que o guia por vídeo para infetar o seu PC
🔗 https://tugatech.com.pt/t73979-clickfix-o-ciberataque-que-o-guia-por-video-para-infetar-o-seu-pc
#ataque #bots #ciberataque #cloudflare #computador #detetado #edr #endpoint #engenhariasocial #google #internet #javascript #linux #macos #navegador #online #payload #plugins #SEO #software #tutoriais #windows #WordPress
Почему я выбрал Warp, а не Cursor или Claude Code: мои инструменты, MCP, подход и конкретные приёмы разработки с LLM
15 лет я не писал код, полностью погрузившись в менеджмент. Но LLM вернули мне сверхспособности: в одиночку за два месяца я переписал легаси-проект с 20 тысячами юзеров, который мучил команды разработчиков годами. Всё благодаря правильной связке инструментов, которые превращают AI в младшего разработчика, архитектора и DevOps одновременно. Делюсь конкретикой: почему терминал лучше IDE для AI-разработки, как управлять контекстом через Rules и MCP, какие модели выбирать для разных задач, и почему фреймворки — ваша защита от галлюцинаций LLM.
Satellite Payload Market Expanding Steadily!
The global satellite payload market was valued at USD 10.73 billion in 2024 and is expected to reach USD 16.04 billion by 2032, growing at a CAGR of 3.5%. North America led the market with a 44.92% share in 2024.
Key growth drivers:
Rising demand for communication & Earth observation satellites
Increasing government & commercial satellite launches
Source: https://www.fortunebusinessinsights.com/industry-reports/satellite-payload-market-101829
#SatelliteMarket #SpaceTech #Payload #Aerospace #Telecommunications
Operação DreamJob: Hackers norte-coreanos atacam setor de defesa europeu para roubar segredos de drones
🔗 https://tugatech.com.pt/t73315-operacao-dreamjob-hackers-norte-coreanos-atacam-setor-de-defesa-europeu-para-roubar-segredos-de-drones
#API #criptomoedas #drones #engenhariasocial #hackers #malware #microsoft #payload #servidores #software #tecnologia #trojan
PhantomCaptcha: O ataque que usou um falso CAPTCHA para espiar o governo ucraniano
🔗 https://tugatech.com.pt/t73269-phantomcaptcha-o-ataque-que-usou-um-falso-captcha-para-espiar-o-governo-ucraniano
#android #ataque #ciberataque #ciberespionagem #cloudflare #computador #gabinete #google #hackers #json #localização #navegador #payload #segurança #servidor #spearphishing #spyware #trojan #web #windows #zoom
GlassWorm: O novo worm que usa código invisível para atacar developers no VS Code
🔗 https://tugatech.com.pt/t73188-glassworm-o-novo-worm-que-usa-codigo-invisivel-para-atacar-developers-no-vs-code
#ataque #blockchain #criptomoedas #endpoint #git #Github #google #javascript #malware #marketplace #marketplaces #microsoft #npm #payload #proxy #rust #segurança #sem #servidores #VSCode
Hackers usam blockchain para distribuir malware que rouba dados em Windows e macOS
🔗 https://tugatech.com.pt/t73114-hackers-usam-blockchain-para-distribuir-malware-que-rouba-dados-em-windows-e-macos
#armazenamento #ataque #blockchain #browser #detetado #engenhariasocial #google #hackers #javascript #Lumma #macos #malware #payload #proxy #sem #servidor #software #windows #WordPress
Chinese Gang Used ArcGIS As A Backdoor For A Year – And No One Noticed
[State sponsored] Crims turned trusted [#ESRI] mapping software into a hideout - no traditional malware required
--
https://www.theregister.com/2025/10/14/chinese_hackers_arcgis_backdoor/ <-- shared media article
--
https://www.scworld.com/brief/novel-flax-typhoon-campaign-exploited-arcgis-for-extended-persistence <-- shared technical media article
--
https://reliaquest.com/blog/threat-spotlight-inside-flax-typhoons-arcgis-compromise <-- shared security technical article
--
https://securityaffairs.com/183398/apt/flax-typhoon-apt-exploited-arcgis-server-for-over-a-year-as-a-backdoor.html <-- shared security technical article
--
“A Chinese state-backed cybergang known as Flax Typhoon spent more than a year burrowing inside an ArcGIS server, quietly turning the trusted mapping software into a covert backdoor..."
#GIS #spatial #mapping #security #malware #exploit #ArcGIS #server #China #statesponsored #FlaxTyphoon #espionage #SOE #objectextension #hidden #payload #backups #risk #hazard #restapi #credentials #flaw #malicious #persistence
Alerta programadores: Extensões maliciosas no VSCode roubam criptomoedas e código-fonte
🔗 https://tugatech.com.pt/t72940-alerta-programadores-extensoes-maliciosas-no-vscode-roubam-criptomoedas-e-codigo-fonte
#API #ataque #computador #criptomoedas #Github #http #javascript #malware #marcas #marketplace #microsoft #Opera #payload #PCA #ransomware #segurança #sem #VSCode
“Podes testar o meu jogo?”: o novo malware que se espalha pelo Discord com páginas falsas do Itch.io
🔗 https://tugatech.com.pt/t72571-podes-testar-o-meu-jogo-o-novo-malware-que-se-espalha-pelo-discord-com-paginas-falsas-do-itch-io
#ataque #BIOS #brave #chrome #computador #criptomoedas #Discord #Edge #firefox #fraude #game #malware #navegador #Opera #payload #sem #software #steam #windows
⚠️ The click isn’t “Join meeting”, it’s Join compromise
That “urgent meeting” in your inbox?
Might be carrying a #payload.
Attackers are now hiding base64 HTML code inside .ics files, using client quirks to slip past filters.
#CyberSecurity #Phishing #Infosec #RedTeam #BlueTeam
#PacketHunters - HTML smugglin...
Ficheiros SVG: a nova arma dos hackers para esconder malware perigoso
🔗 https://tugatech.com.pt/t72174-ficheiros-svg-a-nova-arma-dos-hackers-para-esconder-malware-perigoso
#ataque #computador #detetado #digital #engenhariasocial #hackers #internet #judicial #malware #mundo #navegador #payload #phishing #PNG #segurança #sem #servidores #software #svg #trojan #xml
