supply chain attack
This report provides a detailed analysis of a major, campaign attack that unfolded on 15 September 2025. One campaign, known as the "Shai-Halud attack," compromised packages belonging to cybersecurity firm CrowdStrike, targeting their internal CI/CD pipelines.
bug bounty
Amazon S3 bucket takeovers are a common and impactful vulnerability in web applications. When a JavaScript file references an S3 bucket that no longer exists (but is still expected to serve assets), attackers can claim ownership of that bucket and serve malicious content in its place.
bugbounty
When hunting for vulnerabilities or hidden endpoints in web applications, archived JavaScript files can be a goldmine. These scripts often contain forgotten or deprecated URLs, API endpoints, and internal services that might still be alive but are no longer linked from the main website. In this post, we’ll walk
bugbounty
When performing reconnaissance or source code reviews, JavaScript files are a goldmine of leaked credentials, secrets, tokens, and other sensitive artifacts. This blog post is a curated resource library of 100 regex patterns designed to help security researchers and engineers.
bugbounty
APIs are the backbone of modern applications, but they often leak sensitive information through JavaScript files, misconfigurations, and weak security measures. This checklist focuses on API hacking techniques, with special attention to JavaScript file analysis.
bugbounty
jsmon-cli is a fast and convenient tool (API client) for your JS hacking powered by jsmon.sh. jsmon.sh is a JS security framework made for security enthusiasts, bugbounty hunters, penetration testers
bug bounty
Mapbox is a powerful mapping platform that offers customizable maps, geocoding, and location-based services through its APIs and SDKs. However, when API tokens lack proper URL restrictions, they become a prime target for abuse. In this research, we