Wrote a simple CSP report violations listener in GO.

RT @RachelTobac: 🔑How does a FIDO security key limit the hacks we're seeing in the news now?🔑.Beyond fun to work with @Yubico & partner wit….

Huge shoutout to @ropnop on this article of SOP, CORS and CSRF. I don't know how many times I have referred to this blog to make sure I understand these concepts properly. Looking forward to more of these.🙌.

RT @briankrebs: Atlassian is warning about a zero-day in Confluence (CVE-2022-26134). This is a pre-auth, remote code execution bug. No pat….

RT @_r_netsec: Unauthenticated Remote Code Execution in Atlassian Confluence (CVE-2022-26134)

RT @manicode: Absolutely my favorite #AppSec publication and news source. Outstanding blog from @clintgibler.

RT @praetorianlabs: We have a working exploit for the new spring rce vulnerability .

RT @marcioalm: FIX: Here is a PoC in how to bypass allowedLdapHost and allowedClasses checks in Log4J 2.15.0. to achieve RCE: ${jndi:ldap:/….

RT @pwntester: CVE-2021-45046 is vulnerable when attackers can control **non-message** parts of the pattern layout. Here are some examples 🧵.

RT @NCCGroupInfosec: We've updated the blog post on Log4Shell: Reconnaissance and post exploitation network detection. - New vulnerable .cl….

RT @SteveLasker: More details on the @CloudNativeFdn #Notaryv2 Alpha 1 release, supporting #signing of @docker images and other #securesupp….

RT @arstechnica: Apple users warned: Clicking this attachment will take over your macOS

RT @TwitterEng: Calling all bounty hunters - it’s officially go time! We’ve just released the full details of our algorithmic bias bounty c….

RT @manicode: I’m teaching a secure coding masterclass at GOTOpia Chicago on April 19th, this Monday! If you care to join please use discou….

RT @_tessr: Is this a phishing attempt? Goes to " and asks for username and pw . (if so, it nearly got me!) . /cc @….

RT @sethvargo: I wrote a highly-extensible #golang library for parsing environment variables into struct fields: ht….

RT @briankrebs: For 327 days, the impostor site has been stealing traffic/privacy/users from .

RT @XssPayloads: An FF only event from @PortSwiggerRes cheatsheet: <image src=validimage.png onloadend=alert(1)>.

RT @0xtakemyhand: Just published "[SSTI] Breaking Go's template engine to get XSS". I believe this to be the first payload for SSTI to comp….

RT @USCERT_gov: Shield your system from a malicious takeover: update Google Chrome! #Cyber #Cybersecurity #InfoSec.

RT @The_Pi_Hole: After a successful beta testing and development period (many thanks to the beta testers!), we are pleased to announce the….