Practical guide for hunters and defenders: hunting webhooks, detection, PoC examples and mitigations.

Starting Point It all began with a tweet: sdcyberresearch on X This tweet hinted at a Magecart-style campaign involving malicious JavaScript injection to skim payment data. Initial Sample The script was hosted at: https://www.cc-analytics[.]com/app.js The original code was heavily obfuscated: (function() { function _0x1B3A1(_0x1B563, _0x1B3FB, _0x1B455, _0x1B509, _0x1B4AF, _0x1B5BD) { _0x1B4AF = function(_0x1B3A1) { return (_0x1B3A1 < _0x1B3FB ? '' : _0x1B4AF(parseInt(_0x1B3A1 / _0x1B3FB))) + ((_0x1B3A1 = _0x1B3A1 % _0x1B3FB) > 35 ?

A 2-minute browser game to practice spotting typosquatted domains numbers for letters, Unicode homoglyphs and Punycode.

LLM generated code can ships demo logic with security issues not defenses. Here is a real world example and how it could be abused.

A lightweight, fast, and easy-to-use service for detecting LLM prompt injection attempts before they reach your model. No extra latency, no extra LLM calls — just a simple API that returns true or false.

A beginner’s journey into secure code review, and how I accidentally rediscovered an 11-year-old vulnerability in libpng.

We are excited to announce the launch of our new API for Cloud Intel Atomic Indicators, a tool designed to provide essential data on malicious IP addresses. This API is a step forward in our commitment to enhancing cybersecurity and is available free of charge. Behind the Scenes: Cloudflare Infrastructure Our API leverages the robust Cloudflare infrastructure, utilizing Cloudflare Workers for efficient handling of API requests, Cloudflare KV Store for secure key management, and Cloudflare R2 for reliable data storage.

Announcing AWSAttacks - a curated repository on GitHub dedicated to AWS threat intelligence. Explore, share feedback, and contribute to enhance our collective cybersecurity knowledge!

Meet FriendlyIR, your innovative cybersecurity ally on Slack! It streamlines your tracking of the latest cybersecurity news, blog posts, and social media updates in real-time.

Introducing Blocked Books: A New Feature on LegallyBlocked.