LWN is currently under the heaviest scraper attack seen yet
https://social.kernel.org/notice/B2JlhcxNTfI8oDVoyO
#HackerNews #LWN #Scraper #Attack #Heavy #Traffic #Cybersecurity #OpenSource #News
Democracy Is Under Attack
#HackerNews #Democracy #Is #Under #Attack #democracy #democracy2023 #politicalfreedom #civicengagement #activism
How much do you want to bet that Congress will whine and scream about this whole #Venezuela #Attack but will do jack shit.
Sneak Preview for clj-threats - we have released the first version.
https://repo.prod.meissa.de/meissa/clj-threats
clj-threats is a devops-style tool for continuous threat analysis.
The system definition is compatible with threagile, but we added attack trees.
We will enhance the attack tree library while using this tool for the threat analysis for federated forgejo.
#clojure #forgejo #threat-modelling #attack-tree #federation
Puget Sound Anarchists: **Social War Bulletin #1 – Against Flock and its World**
https://pugetsoundanarchists.org/social-war-bulletin-1-against-flock-and-its-world/
anonymous submission – The first issue of the Social War Bulletin – Against Flock and Its World This is an irregular print counter-info…
#Analysis #Attack #Surveillance #Automatedlicenseplatereaders #Flock #Publication
We are currently fighting against a DDoS attack against our service and our status page. We are analyzing network traffic with the help of our ISP at the moment and will let you know once we have updates to share.
Good luck! In the long run, there is only one serious defense against DDoS and other attacks: federation. I’m really looking forward to @forgejo
supporting federation for repository forks and pull requests.
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack.
https://thehackernews.com/2025/11/legacy-python-bootstrap-scripts-create.html
#python #bootstrap #pypi #itsecurity #py #domaintakeover #domain #takeover #coding #cybersecurity #supplychain #attack #packaging #itsec #infosec
Azure hit by 15 Tbps DDoS attack using 500k IP addresses
#HackerNews #Azure #DDoS #Attack #15Tbps #Cybersecurity #Cloud #Computing #Tech #News
And now it begins
(2/2) We used one of the threats seen in federation for forgejo as a first real-world example.
The example report output can be found here: https://repo.prod.meissa.de/meissa/clj-threats/src/branch/main/report/report.pdf
It is just a first "hello world" but the core concepts are quite working.
#clojure #forgejo #federation #threat-modelling #attack-tree #security
Brash: Chromium Browser DoS Attack via document.title Exploitation
Brash is a critical vulnerability in Blink, the rendering engine that powers Google's Chromium-based browsers. It allows any Chromium browser to collapse in 15-60 seconds by exploiting an architectural flaw in how certain DOM operations are managed.
#chromium #webbrowser #dosattack #blink #attack #dos #websecurity #brash #web #poc #documenttitle #websecurity #itsec #itsecurity #browser #google
»Crash, Boom, Bang - open security hole crashes almost all current browsers:
The problem affects all Chromium-based browsers and thus shows how far the monoculture in this area has progressed«
Earlier I had tooted the original link above. Here is a German article explaining it as well.
#chromium #webbrowser #dosattack #blink #attack #dos #websecurity #brash #web #poc #documenttitle #websecurity #itsec #browser #google #chrome
“GlassWorm isn't just another supply chain attack. It's using stealth techniques we've never seen before - invisible Unicode characters that make malicious code literally disappear from code editors. Combine that with blockchain-based C2 infra that can't be taken down, Google Calendar as a backup command server, and a full remote access trojan that turns every infected dev into a criminal proxy node.”
#technology #attack #security #cybersecurity #malware #vscode
Where The Wild Things Are: Brute-Force SSH Attacks In The Wild And How To Stop Them
This document was shared here by @ricci. I've not gotten to study the document in detail. Just saw it again in my download dir of my now defunct miniPC by Gigabyte.
Of course I will link you to his page so you can download the paper yourself. The research covers 4 years and 500+ (512?) servers.
Go to his post here, read and learn.
You can learn a LOT from this research