Chrome 140 introduces HTTP cookie prefix to combat client-side security threats https://ppc.land/chrome-140-introduces-http-cookie-prefix-to-combat-client-side-security-threats/ #Chrome140 #HTTPHeaders #WebSecurity #Cookies #ClientSideSecurity
#websecurity
8 posts8 participants0 posts today
Chrome 140 introduces HTTP cookie prefix to combat client-side security threats: Chrome 140 beta introduces __Http and __HostHttp cookie prefixes on August 6, 2025, enabling servers to distinguish server-set from client-set cookies. https://ppc.land/chrome-140-introduces-http-cookie-prefix-to-combat-client-side-security-threats/ #Chrome140 #HTTPHeaders #WebSecurity #Cookies #ClientSideSecurity
PPC Land · Chrome 140 introduces HTTP cookie prefix to combat client-side security threatsChrome 140 beta introduces __Http and __HostHttp cookie prefixes on August 6, 2025, enabling servers to distinguish server-set from client-set cookies.
Darknet Market Escrow Systems is Vulnerable to Administrator Exit Scams https://cybersecuritynews.com/darknet-market-escrow-systems-is-vulnerable-to-administrator-exit-scams/ #CyberSecurityNewsLive #TopCybersecurityNews #CyberSecurityNews #CyberSecurity #HackingNews #WebSecurity #HackerNews #DarkWeb #Darknet
Cyber Security News · Darknet Market Escrow Systems is Vulnerable to Administrator Exit ScamsDarknet markets, operating beyond the reach of traditional payment processors and legal systems, rely on escrow systems to secure cryptocurrency transactions between buyers and vendors.
»HTTP/1.1 Must Die – It's time to acknowledge HTTP/1.1 is insecure«
Admittedly, I know pers. not how seriously you have to take this but I am only developing web servers set to HTTP/2.0, because HTTP/3 is not yet extensively supported.
http1mustdie.comHTTP/1.1 Must DieUpstream HTTP/1.1 is inherently insecure, and routinely exposes millions of websites to hostile takeover. Join the mission to kill HTTP/1.1 now
Cybersecurity in 2025: Protect your digital assets with advanced multi-layered defense strategies. Six critical practices can shield your business from sophisticated online threats. Stay secure, stay vigilant. #Cybersecurity #WebSecurity
Semrush ist eines der bekanntesten SEO-Analyse-Tools auf dem Markt. Es durchsucht Websites regelmäßig mit seinem Bot (SemrushBot), um Daten wie Keywords, Backlinks, Rankings und vieles mehr von deiner Website zu erfassen und zu analysieren. Hier sind 5 effektive, schnell umzusetzende Methoden, wie du Semrush von deiner Website aussperren kannst. 
teufelswerk | IT-Sicherheit & Cybersecurity · SemrushBot blockieren – So schützt du jede Website, egal ob WordPress, Joomla, Typo3 oder HTMLSemrush ist eines der bekanntesten SEO-Analyse-Tools auf dem Markt. Wir zeigen dir, wie du den SemrushBot blockieren kannst.
KIMissbrauch
Cloudflare wirft dem KI-Anbieter ##Perplexity vor, sich mit undeklarierten Crawlern Zugang zu gesperrten Websites zu verschaffen.
Trotz robots.txt-Verboten und IP-Blockaden soll Perplexity mit wechselnden User-Agents und IPs Inhalte verdeckt auslesen.
Das wäre eine Verletzung etablierter Webstandards und Missachtung von Website-Präferenzen.
The Cloudflare Blog · Perplexity is using stealth, undeclared crawlers to evade website no-crawl directivesPerplexity is repeatedly modifying their user agent and changing IPs and ASNs to hide their crawling activity, in direct conflict with explicit no-crawl preferences expressed by websites.
Continued thread
I'm in Vegas for DEF CON and Google 0x0g this week. Hit me up if you want to chat about browser/web/extension security and privacy.
Cloudflare Accuses Perplexity of Using ‘Stealth Crawlers’ to Evade Web Standards
#AI #PerplexityAI #Cloudflare #DataScraping #AIEthics #WebSecurity
Ist euch auch in den Logfiles der User-Agent "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0" aufgefallen? Von 25 Servern bei einem deutschen Provider kommen tausende solche Anfragen herein. Alle ziemlich sinnlos. Immer werden allen Resourcen der jeweiligen Webseite geladen.
Das läuft schon seit Monaten. Belastet den Server nicht wirklich, ist aber letztlich eine Verschwendung. Eine gute Erklärung habe ich nicht. Ein KI-Bot?
Git-Dumped, DB-Hijacked, Shell-Dropped: The Accidental WordPress Takeover 
The Discovery I wasn’t even hunting. I came across a random site linked in a Facebook post — probably shared ...
#bug-hunting #bug-bounty #web-security #cybersecurity #penetration-testing
Origin | Interest | Match
The Discovery I wasn’t even hunting. I came across a random site linked in a Facebook post — probably shared ...#bug-hunting #bug-bounty #web-security #cybersecurity #penetration-testing
Origin | Interest | Match
System Weakness · Git-Dumped, DB-Hijacked, Shell-Dropped: The Accidental WordPress Takeover
Dass sich (KI-)Bots 
im Open-Data-Portal tummeln, ist nichts Neues. Doch heute ist mir ein besonders merkwürdiger Fall begegnet, über den ich berichten möchte.
open-north.deWildgewordner BotDass sich (KI-)Bots im Open-Data-Portal tummeln, ist nichts Neues.
Doch heute ist mir ein besonders merkwürdiger Fall begegnet, über den ich
berichten möchte.
CRITICAL stored XSS (CVE-2025-54298) in firecoders.com CommentBox for Joomla v1.0.0-1.1.0. Unauthenticated attackers can inject scripts—risking session hijack & data theft. Disable the plugin & deploy WAF/CSP asap! https://radar.offseq.com/threat/cve-2025-54298-cwe-79-improper-neutralization-of-i-f4298df0 #OffSeq #Joomla #XSS #WebSecurity
OpenAI’s ChatGPT Agent casually clicks through “I am not a robot” verification test - Maybe they should change the button to say, "I am a robot"?
... - https://arstechnica.com/information-technology/2025/07/openais-chatgpt-agent-casually-clicks-through-i-am-not-a-robot-verification-test/ #computer-usingagent #aidevelopmenttools #computerusemodel #machinelearning #authentication #websecurity #aibehavior #aisecurity #cloudflare #agenticai #aiagents #captcha #chatgpt #biz #openai #ai
Ars Technica · OpenAI’s ChatGPT Agent casually clicks through “I am not a robot” verification test
New Open-Source Tool Spotlight 
PrivateBin is a minimalist, open-source pastebin alternative where data is encrypted in the browser before uploading. The server never sees plaintext, ensuring full confidentiality. Ideal for sharing sensitive info securely. #WebSecurity #Encryption
Project link on #GitHub 
https://github.com/PrivateBin/PrivateBin
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— 
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 
I'll be at DEF CON and Google 0x0g in a couple of weeks. Hit me up if you want to chat about browser/web/extension security and privacy.
It's my first DEF CON, so quite excited! I expect to be most of Friday at the Bug Bounty Village.
I no longer rely on Jetpack Protect. Instead, I’ve built a lean, hardened WordPress security stack using mod_security, Fail2Ban, WPScan, and a few carefully configured rules. No black boxes. No bloat. Just tools I trust.
#WordPress #Infosec #SelfHosting #WebSecurity #JetpackProtect #Fail2Ban #modSecurity #WPScan
https://islandinthenet.com/building-my-own-wordpress-security-stack/
Island in the Net · Building My Own WordPress Security Stack - Island in the Net
More from 
Khürt Williams
Unpopular opinion: to illustrate the presence of a #websecurity vulnerability, security researchers should rely, not on Rick Hastley's "Never Gonna Give You Up", but on Herb Alpert & the Tijuana Brass's "Spanish Flea". Way funnier!
How Does SafeLine WAF Handle Bots? Customize Your Bot Protection In today’s web environment, automated bots make up a significant portion of internet traffic. While some bots are beneficial —...
#firewall #bots #web-security #safeline-waf
Origin | Interest | Match
#firewall #bots #web-security #safeline-waf
Origin | Interest | Match
System Weakness · How Does SafeLine WAF Handle Bots? Customize Your Bot Protection
"We take security and privacy very seriously."
have long become code words for
"We won't bother fixing vulnerabilities that are reported to us."
