Chrome 140 introduces HTTP cookie prefix to combat client-side security threats https://ppc.land/chrome-140-introduces-http-cookie-prefix-to-combat-client-side-security-threats/ #Chrome140 #HTTPHeaders #WebSecurity #Cookies #ClientSideSecurity
Chrome 140 introduces HTTP cookie prefix to combat client-side security threats: Chrome 140 beta introduces __Http and __HostHttp cookie prefixes on August 6, 2025, enabling servers to distinguish server-set from client-set cookies. https://ppc.land/chrome-140-introduces-http-cookie-prefix-to-combat-client-side-security-threats/ #Chrome140 #HTTPHeaders #WebSecurity #Cookies #ClientSideSecurity
Darknet Market Escrow Systems is Vulnerable to Administrator Exit Scams https://cybersecuritynews.com/darknet-market-escrow-systems-is-vulnerable-to-administrator-exit-scams/ #CyberSecurityNewsLive #TopCybersecurityNews #CyberSecurityNews #CyberSecurity #HackingNews #WebSecurity #HackerNews #DarkWeb #Darknet
»HTTP/1.1 Must Die – It's time to acknowledge HTTP/1.1 is insecure«
Admittedly, I personally don't know how seriously you have to take this, but I am only developing web servers set to HTTP/2.0, because HTTP/3 is not yet extensively supported.
Cybersecurity in 2025: Protect your digital assets with advanced multi-layered defense strategies. Six critical practices can shield your business from sophisticated online threats. Stay secure, stay vigilant. #Cybersecurity #WebSecurity
Semrush is one of the best-known SEO analysis tools on the market. It regularly crawls websites with its bot (SemrushBot) to collect and analyze data such as keywords, backlinks, rankings and much more from your website. Here are 5 effective, quick-to-implement methods for blocking Semrush from your website.
AI misuse
Cloudflare accuses the AI provider #Perplexity of using undeclared crawlers to gain access to blocked websites.
Despite robots.txt prohibitions and IP blocks, Perplexity is said to covertly read content using changing user agents and IPs.
That would be a violation of established web standards and a disregard of website preferences.
I'm in Vegas for DEF CON and Google 0x0g this week. Hit me up if you want to chat about browser/web/extension security and privacy.
Cloudflare Accuses Perplexity of Using ‘Stealth Crawlers’ to Evade Web Standards
#AI #PerplexityAI #Cloudflare #DataScraping #AIEthics #WebSecurity
Have you also noticed the user agent "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0" in your log files? Thousands of such requests are coming in from 25 servers at a German provider. All fairly pointless. Every time, all resources of the respective website are loaded.
This has been going on for months. It doesn't really put load on the server, but it is ultimately a waste. I don't have a good explanation. An AI bot?
It is nothing new that (AI) bots hang around in the open data portal. But today I came across a particularly strange case that I would like to report on.
CRITICAL stored XSS (CVE-2025-54298) in firecoders.com CommentBox for Joomla v1.0.0-1.1.0. Unauthenticated attackers can inject scripts—risking session hijack & data theft. Disable the plugin & deploy WAF/CSP asap! https://radar.offseq.com/threat/cve-2025-54298-cwe-79-improper-neutralization-of-i-f4298df0 #OffSeq #Joomla #XSS #WebSecurity
OpenAI’s ChatGPT Agent casually clicks through “I am not a robot” verification test - Maybe they should change the button to say, "I am a robot"?
... - https://arstechnica.com/information-technology/2025/07/openais-chatgpt-agent-casually-clicks-through-i-am-not-a-robot-verification-test/ #computer-usingagent #aidevelopmenttools #computerusemodel #machinelearning #authentication #websecurity #aibehavior #aisecurity #cloudflare #agenticai #aiagents #captcha #chatgpt #biz #openai #ai
New Open-Source Tool Spotlight
PrivateBin is a minimalist, open-source pastebin alternative where data is encrypted in the browser before uploading. The server never sees plaintext, ensuring full confidentiality. Ideal for sharing sensitive info securely. #WebSecurity #Encryption
Project link on #GitHub
https://github.com/PrivateBin/PrivateBin
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
I'll be at DEF CON and Google 0x0g in a couple of weeks. Hit me up if you want to chat about browser/web/extension security and privacy.
It's my first DEF CON, so quite excited! I expect to be most of Friday at the Bug Bounty Village.
I no longer rely on Jetpack Protect. Instead, I’ve built a lean, hardened WordPress security stack using mod_security, Fail2Ban, WPScan, and a few carefully configured rules. No black boxes. No bloat. Just tools I trust.
#WordPress #Infosec #SelfHosting #WebSecurity #JetpackProtect #Fail2Ban #modSecurity #WPScan
https://islandinthenet.com/building-my-own-wordpress-security-stack/
Unpopular opinion: to illustrate the presence of a #websecurity vulnerability, security researchers should rely, not on Rick Astley's "Never Gonna Give You Up", but on Herb Alpert & the Tijuana Brass's "Spanish Flea". Way funnier!
"We take security and privacy very seriously."
have long become code words for
"We won't bother fixing vulnerabilities that are reported to us."