| | Compromising Angular via expired NPM publisher email domains (thehackerblog.com) |
|
194 points by fransr on Feb 20, 2022 | past | 75 comments
|
|
| | Compromising Angular via expired NPM publisher email domains (thehackerblog.com) |
|
1 point by mandatory on Feb 13, 2022 | past
|
|
| | Compromising Angular via expired NPM publisher email domains (thehackerblog.com) |
|
3 points by fransr on Feb 11, 2022 | past
|
|
| | Taking Over 20K DigitalOcean Domains via a Lax Domain Import System (2016) (thehackerblog.com) |
|
114 points by johnx123-up on Nov 26, 2020 | past | 51 comments
|
|
| | Chrome Galvanizer – Harden Chrome via enterprise policy (thehackerblog.com) |
|
1 point by migueldemoura on April 23, 2020 | past
|
|
| | tarnish – The Chrome Extension Analyzer (thehackerblog.com) |
|
2 points by mandatory on Nov 21, 2019 | past
|
|
| | Video Downloader Extension Hijack Exploit – UXSS via CSP Bypass (~16 Mil Users) (thehackerblog.com) |
|
1 point by mandatory on March 14, 2019 | past
|
|
| | Still Not Fixed: Taking over 20K DigitalOcean Domains via Lax Domain System (thehackerblog.com) |
|
8 points by Max-20 on Feb 28, 2019 | past
|
|
| | Gaining Control of a .int Domain Name with DNS Trickery (thehackerblog.com) |
|
1 point by amingilani on Dec 20, 2018 | past
|
|
| | Kicking the Rims – A Guide for Securely Writing and Auditing Chrome Extensions (thehackerblog.com) |
|
1 point by mandatory on June 13, 2018 | past
|
|
| | Steam, Fire, and Paste- UXSS via DOM-XSS and Clickjacking Steam Inventory Helper (thehackerblog.com) |
|
1 point by vuln on June 8, 2018 | past
|
|
| | Same Origin Policy Bypass (~8M Users Affected) (thehackerblog.com) |
|
3 points by vuln on June 6, 2018 | past
|
|
| | Reading Your Emails with a Read&Write Chrome Extension SOP Bypass (~8M Affected) (thehackerblog.com) |
|
1 point by mandatory on June 5, 2018 | past
|
|
| | ZenMate VPN Extension Deanonymization and Hijacking Exploit (3.5M Affected) (thehackerblog.com) |
|
1 point by mandatory on May 30, 2018 | past
|
|
| | Accidentally Finding RCE in Signal Desktop via HTML Injection in Quoted Replies (thehackerblog.com) |
|
5 points by mandatory on May 16, 2018 | past
|
|
| | TLDR Beta – TLD DNS Zone Files Made Available to the General Public (thehackerblog.com) |
|
2 points by pjf on Jan 25, 2018 | past
|
|
| | The International Incident – Gaining Control of a .int Domain Name (2016) (thehackerblog.com) |
|
2 points by amingilani on Nov 1, 2017 | past
|
|
| | Taking control of all .io domains with a targeted registration (thehackerblog.com) |
|
1404 points by koenrh on July 10, 2017 | past | 246 comments
|
|
| | The Journey to Hijacking a Country’s TLD – The Hidden Risks of Domain Extensions (thehackerblog.com) |
|
55 points by 0x0 on June 5, 2017 | past | 7 comments
|
|
| | The Journey to Hijacking a Country's DNS – The Hidden Risks of Domain Extensions (thehackerblog.com) |
|
2 points by mandatory on June 5, 2017 | past
|
|
| | The Journey to Hijacking a Country’s TLD (thehackerblog.com) |
|
4 points by wielebny on June 5, 2017 | past
|
|
| | Hacking Guatemala’s DNS (thehackerblog.com) |
|
2 points by moloch on Feb 4, 2017 | past
|
|
| | Spying on Active Directory Users by Exploiting a TLD Misconfiguration (thehackerblog.com) |
|
1 point by spaceboy on Feb 1, 2017 | past
|
|
| | Hacking Guatemala’s DNS – Spying on Active Directory Users via a TLD Misconfig (thehackerblog.com) |
|
3 points by mandatory on Jan 31, 2017 | past
|
|
| | TLDR Beta – View DNS Zone Data Dumps for Countries and Other TLDs (thehackerblog.com) |
|
1 point by mandatory on Jan 18, 2017 | past
|
|
| | Respect My Authority – Hijacking Broken Nameservers to Compromise Your Target (thehackerblog.com) |
|
2 points by maxt on Jan 12, 2017 | past
|
|
| | The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability (thehackerblog.com) |
|
117 points by mandatory on Dec 6, 2016 | past | 28 comments
|
|
| | Breaching a CA using XSS (thehackerblog.com) |
|
1 point by aburan28 on Sept 1, 2016 | past
|
|
| | Breaching a CA – Blind XSS in the GeoTrust SSL Operations Panel Using XSS Hunter (thehackerblog.com) |
|
1 point by mandatory on Sept 1, 2016 | past
|
|
| | Sonar.js – A Framework for Scanning and Exploiting Internal Hosts with a Webpage (thehackerblog.com) |
|
1 point by gadtfly on Aug 26, 2016 | past
|
|
|
|
More |
