Paulos Yibelo's (@paulosyibelo) Twitter Profile
Paulos Yibelo

@paulosyibelo

security researcher, hacker, prev @octagonnetworks, player @detectify🗺🦉/, I haxor everything I touch..
Disclaimer: I speak for myself

ID: 2843924471

Link: https://www.paulosyibelo.com | Joined: 25-10-2014 17:01:54

1.1K Tweets

5.5K Followers

394 Following

Paulos Yibelo (@paulosyibelo)

This is just a month after the VPN bypass bug I found on the same Cisco ASA/Firewall device (CVE-2024-20337). For everyone asking me why not release a PoC: it's because it's a very dangerous bug. Just on Shodan, you can see 178k different organizations use this device. It just requires

Justin Gardner (@rhynorater)

Can I just say Paulos Yibelo has been dropping some bangers lately. We'll mention them on the pod this upcoming Thursday, but both of these client-side techniques are really innovative and sick: paulosyibelo.com/2024/02/cross-… octagon.net/blog/2022/05/2…

Octagon Networks (@octagonnetworks)

You can now bypass CSP on any website that allows https://*.facebook.com in a default or script-src 🔥🌊? PoC: <script src=graph.facebook.com/?id=1337%26cal…></script> Exploitation is only possible using a novel technique we published: octagon.net/blog/2022/05/2… #bugbountytip #BugBounty

Ambionics Security (@ambionics)

Iconv, set the charset to RCE (part 2): Charles Fol exploits direct iconv() calls to hack the PHP engine, and its most popular webmail, @Roundcube (CVE-2024-2961). ambionics.io/blog/iconv-cve…

Paulos Yibelo (@paulosyibelo)

Gareth discovered a huge attack surface affecting email parsers. There are a ton of surprising, widespread and absolutely insane RFC specs he exploits to get super impactful bugs. Worth reading the blog post!

Paulos Yibelo (@paulosyibelo)

Introducing DoubleClickjacking 🧌: a widespread timing-based vulnerability class that slips between your first & second click — evading modern mitigations leading to account takeover vulnerabilities in almost all major websites. paulosyibelo.com/2024/12/double… #bugbountytips #infosec

The Hacker News (@thehackersnews)

⚠️ Click. Click. Hacked? DoubleClickjacking: A new clickjacking variant that stealthily exploits timing gaps between clicks to hijack accounts. This attack bypasses protections like X-Frame-Options and SameSite cookies. Read the article: thehackernews.com/2025/01/new-do…

Paulos Yibelo (@paulosyibelo)

Looks like two of my new attack vectors from last year have been nominated for the Top Ten Web Hacking Techniques of 2024! If you like them, please vote for DoubleClickjacking and Cross Window Forgery here: portswigger.net/polls/top-10-w…

Paulos Yibelo (@paulosyibelo)

Absolutely humbled & honored to join the Top Ten Web Hacking Techniques of 2024! Thank you to the people who voted (and the panelists). Let's gooo! We up🔥🌞

Jorian (@j0r1an)

Inspired by Paulos Yibelo, I thought about what improvements I could make to trick users into pressing buttons that perform sensitive actions. Finding some vulnerable targets along the way! Read the details in my latest blog post below: jorianwoltjer.com/blog/p/hacking…

Jorian (@j0r1an)

Double-Clickjacking, or "press buttons on other sites without preconditions". After seeing and experimenting with this technique for a while, I cooked up a variation that combines many small tricks and ends up being quite convincing. Here's a flexible PoC: jorianwoltjer.com/blog/p/hacking…

Octagon Networks (@octagonnetworks)

With a little help from @pwndotai, which is an agentic hacking ecosystem we are building, we are able to get 1-click RCE in Cluely (Cluely). The exploit takes time to set up but it's straightforward and can be reached via many techniques, and an indirect prompt injection. The

Octagon Networks (@octagonnetworks)

This is insane! @Pwndotai has autonomously discovered an unauthenticated remote command execution vulnerability affecting over 70,000 servers. It found the entry point, developed the entire chain, created a proof of concept, iterated through the right issues and entirely on its

Paulos Yibelo (@paulosyibelo)

AI agents like Operator can also be used to exploit vulnerability classes such as DoubleClickjacking and Cross Window Forgery as a zero-click. If an Operator agent shows up on your website, without any prompt injection, you can basically give it a set of instructions such as

Paulos Yibelo (@paulosyibelo)

Takes like this are a bit naive and come from not having researched why computers are inherently vulnerable in the first place. In the best-case scenario of having solved known vulnerable classes for a given product, the unknown attacks remain at large. These novel techniques,

Octagon Networks (@octagonnetworks)

🎄🎁 Here is a 0day unauthenticated root RCE affecting over 70,000 devices on the internet. pwn.ai/blog/cve-2025-… For our first post, we show how pwnai autonomously found a root RCE affecting XSpeeder, over 8 months ago. To our knowledge, this is the first agent-found,