404 Founders in 404-founders.com
Coruna: How Your iPhone Can Be Hacked Without a Click (And How to Protect Yourself)
Imagine opening a completely ordinary web page. You are reading news or visiting a local portal. And in that very moment, without downloading a single file or clicking a suspicious link, your iPhone i
4d ago · 4 min read

Mohamed Chadly in n1ghtm4r3.hashnode.dev
Payment Page XSS: Bypassing Strict Sanitization through URI Structure
Sometimes, the best lessons in web development and security come from staring at a seemingly bulletproof application until its underlying mechanics finally crack. We had been deep in the trenches with
5d ago · 5 min read

Oghenemaro Ikelegbe in cybersage.hashnode.dev
How Developers Are Being Targeted Through Bogus Coding Tests
Software developers hunting for their next job opportunity are being targeted by a sophisticated hacking campaign that turns routine technical assessments into malware delivery systems. Microsoft has
6d ago · 9 min read

Adham in cyberlabhelp.hashnode.dev
HackTheBox Cap (Linux Room) — Full Walkthrough
In this write-up, we walk through Cap, an easy-rated machine that demonstrates how sensitive data exposure and poor service configuration can lead to full system compromise. The box highlights: Packe
Mar 1 · 6 min read

Satyam Rastogi in satyamrastogi.hashnode.dev
ClawJacked WebSocket Hijack: AI Agent Command Injection TTPs
Originally published on satyamrastogi.com ClawJacked vulnerability enables malicious websites to hijack local OpenClaw AI agents via WebSocket connection abuse, allowing remote command execution on victim systems. Executive Summary The ClawJacked v...
Mar 1 · 6 min read

Jeff Tong in wind010.hashnode.dev
Pathfinder
I've been meaning to consolidate scripts I've been using to call various reconnaissance tools for Hack-the-Box and CTFs. The tools (first of each list) are usually the ones I use for preliminary scan
Feb 24 · 2 min read

Moustafa S. Kamel in blog.klivvr.com
The Silent Scan
Picture this… A stranger walks up to your house at 3 AM. They quietly check your windows, test the door handle, then slip away. Your security cameras recorded everything. But the screen that shows th
Feb 24 · 6 min read

Satyam Rastogi in satyamrastogi.hashnode.dev
CVE-2026-2329: Grandstream VoIP RCE Attack Chain Analysis
Originally published on satyamrastogi.com CVE-2026-2329 allows attackers to achieve remote code execution on Grandstream VoIP phones without authentication, leading to complete device compromise and call surveillance capabilities. Executive Summary...
Feb 23 · 5 min read

0xryz in n1ghtm4r3.hashnode.dev
IDOR Fallout: Leaking 2 Million Sensitive Files with a Simple Trick
When you see a public bug bounty program that has been running for over a decade, the assumption is usually that it's been picked completely clean. Every obvious endpoint has been hammered, and every
Feb 21 · 8 min read

Satyam Rastogi in satyamrastogi.hashnode.dev
Shields Up Defense Tech: Red Team Attack Surface Expansion
Originally published on satyamrastogi.com Analysis of how cybersecurity defense technologies introduce new attack surfaces. Red team perspective on exploiting AI-powered security tools, cloud-native defenses, and zero trust architectures for initial...
Feb 22 · 5 min read