Thomas Orlita
@ThomasOrlita
Followers: 702, Following: 278, Statuses: 48
web & browser security https://t.co/jDpG6vMPDr
United Kingdom, Czech Republic
Joined September 2016
@garethheyes Ohh interesting! Btw, I replaced `$[chr]` with `String.fromCodePoint($[i])` in the templates, as otherwise it causes incorrect results because the characters aren't escaped.
@stevekrouse @NotionHQ using a ccTLD like this seems like a security risk, especially that has seized a domain before
RT @ndevtk: Bug write-up for Google Extensions thanks @ThomasOrlita and others for the help :) this writeup does in…
Overview of different vulnerabilities in Google's new web-based collaboration tool Threadit: XSS, Clickjacking, ACL bypass, Info leak... #BugBounty #InfoSec
@missoum1307 @PortSwigger Sign in regular Chrome, intercept and copy the Set-Cookie header from the response. In the embedded browser open intercept the response and include the copied Set-Cookie header.
@AvidSec @filedescriptor Since the build is failing for some people, I've added the compiled version under the Releases tab. I'll also post a link to the extension on the Chrome Web Store once it's approved there, however that might take several weeks.
@TeslaTheGod @filedescriptor This means you didn't build the extension. First you need to install the dependencies using `npm i` and then build it with `npm run build`. After that load the `public` folder.
RT @filedescriptor: Untrusted Types just got a new UI with better filtering options and features thanks to @ThomasOrlita! Check it out! h…
Getting confidential information about upcoming Google Cloud products from unrestricted draft blog post images. #BugBounty #InfoSec
Getting all 32000 email addresses of every registered user on s Crisis Map thanks to IDOR and incremental IDs. #BugBounty #InfoSec
@spazef0rze What caught my attention more was that they told me they don't recommend a password manager because of some principle about at least two different types of security factors, which they have to follow by law. But as I've now read, they themselves recommend a password manager in that article.