Monday, December 30, 2024
DoubleClickjacking: A New Era of UI Redressing
›
“Clickjacking” is becoming less practical as modern browsers set all cookies to “SameSite: Lax” by default. Even if an ...
Sunday, February 4, 2024
Cross Window Forgery: A New Class of Web Attack
›
I've uncovered a technique that exposes a new class of client side web vulnerability. By leveraging two seemingly unrelated browser feat...
Friday, April 2, 2021
This man thought opening a TXT file is fine, he thought wrong. macOS CVE-2019-8761
›
CVE-2019-8761 is an interesting macOS bug I found that lets attackers execute HTML within a TXT file, leak files, and do all sorts of other ...
›
Home
View web version
