TLDR While looking for a way to stream the India vs Pakistan cricket match on 14th September 2025, I stumbled across a suspicious search result on a europa.eu dev subdomain. It was being abused for blackhat SEO and redirecting users to scam streaming sites. I traced similar behavior across other high-profile domains, reported the issue to CERT-EU via email (after some Twitter help) and the problem was later confirmed as fixed on 6th November 2025.

TLDR I have recieved a legit Zoom doc email from HR “while on job hunt” . It redirected to a site with a fake “bot protection” gate and then to a Gmail credential phish. The attackers exfiltrate creds live over WebSocket and even validate them in the backend. Keep reading for detailed analysis. look mom HR application look mom no job Okay, this is kind of funny (in a “please tell me this is not my life” way).

Practical guide for hunters and defenders: hunting webhooks, detection, PoC examples and mitigations.

A 2-minute browser game to practice spotting typosquatted domains numbers for letters, Unicode homoglyphs and Punycode.

LLM generated code can ships demo logic with security issues not defenses. Here is a real world example and how it could be abused.

A beginner’s journey into secure code review, and how I accidentally rediscovered an 11-year-old vulnerability in libpng.