Marius Avram

Hi Robin, I’ve just tested it using a Romanian IP, and everything works fine on my end.

Notepad++ Hijacked by State-Sponsored Hackers notepad-plus-plus.org/news/hijacke...

Poland CERT Report: Coordinated Cyber Sabotage Hits 30+ Wind/Solar Farms & CHP Plant (Dec 29, 2025) cert.pl/en/posts/202...

We’re expanding localized pricing to Romania! 🇷🇴

Individual plan prices drop by 55%:
💸 Monthly: 20 USD → 9 USD
💸 Yearly: 200 USD → 90 USD

Know a hacker in Romania who’s been waiting? Tag them👇
caido.io/pricing?utm_...

Top 10 web hacking techniques of 2025 Welcome to the community vote for the Top 10 Web Hacking Techniques of 2025.

Voting is now live for the top ten web hacking techniques of 2025! Grab a brew, browse the 61 quality nominations and cast your vote on the most creative and ground-breaking techniques:
portswigger.net/polls/top-10...

Overview of the page.

📡 OWASP Secure Headers Project: We have added information and examples regarding the Trusted Types feature of the Content-Security-Policy header.

📖 owasp.org/www-project-...

#appsec #appsecurity #owasp_shp

Venezuela and Ukraine expose the clearest form of double standards in international politics,when similar actions are taken by different actors,they are judged by entirely different criteria.Those who condemn Russia for intervening in Ukraine often welcome or justify US intervention in Venezuela

Despite fixed borders, the United States claims ownership of the West. Trump says it openly, echoed by Marco Rubio, this is our hemisphere. Such words expose hegemony. Faced with Trump’s illegal acts, the EU behaves as a complicit impostor, submissive, silent, ready to drag the West into barbarism

When the US kidnaps a foreign president with Western applause, no law protects anyone. Iraq, Libya, Syria, Ukraine show wars are thefts of resources. Narco-terror claims mask oil and gold looting. Power rules, rights vanish, democracy is a lie!

I don't understand how these clubs are allowed to operate, why fireworks are permitted indoors, why the ceilings are so highly flammable, and, more importantly, why there are no proper emergency exits. It is as if they are designed to be death traps. 🤦‍♂️

It happened in Romania under almost identical circumstances: the ceiling caught fire due to fireworks, killing over 60 people.

Shlomo Kramer, co-founder of Check Point, Imperva, and Cato Networks, has stated that “it’s time to limit the First Amendment. We need to control all social platforms… and take control of what they are saying.”

Turning List-Unsubscribe into an SSRF/XSS Gadget security.lauritz-holtmann.de/post/xss-ssr...

How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack gist.github.com/hackermondev...

Bypass CSP in a single click using my new Custom Action, powered by @renniepak.nl's excellent CSP bypass project.

AutoVader - The Spanner Four years ago we released DOM Invader, I added a feature called callbacks that enabled you to execute JavaScript and log when sinks, messages or sources are found. This was so powerful but over the y...

Meet AutoVader. It automates DOM Invader with Playwright Java and feeds results back into Burp. Faster client side bug hunting for everyone. 🚀

thespanner.co.uk/autovader

Privacy concerns raised as Grok AI found to be a stalker's best friend Grok, the AI chatbot developed by Elon Musk's xAI, has been found to exhibit more alarming behaviour - this time revealing the home addresses of ordinary people upon request.

Grok - Elon Musk's AI chatbot - has been caught handing out home addresses of ordinary individuals... on demand. 

When asked, Grok was willing to provide step-by-step instructions on how to stalk these people...

Read more in my article on the Bitdefender blog: www.bitdefender.com/en-us/blog/h...

We now have a (draft) @metasploit-r7.bsky.social exploit module for the recent Fortinet FortiWeb vulns, chaining CVE-2025-64446 (auth bypass) + CVE-2025-58034 (command injection) to achieve unauthenticated RCE with root privileges: github.com/rapid7/metas...

Introducing the OWASP Top 10:2025
owasp.org/Top10/2025/0...

Tenable Research has discovered seven vulnerabilities and attack techniques in ChatGPT, including unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms. www.tenable.com/blog/hackedg...

Phrack 72 Has Been Published phrack.org/issues/72/1

IP data on compromised instances shared in our Compromised Website report tagged 'fortiweb-compromised': www.shadowserver.org/what-we-do/n...

IP data on exposed instances is in our Device ID report: www.shadowserver.org/what-we-do/n... (device model is set to FortiWeb Management Interface)

true legend!

opossum-attack.com <- Opossum is a cross-protocol application layer desynchronization attack that affects TLS-based application protocols that rely on both opportunistic and implicit TLS. Among the affected protocols are HTTP, FTP, POP3, SMTP, LMTP and NNTP.

Serial Hacker “IntelBroker” Charged For Causing $25 Million In Damages To Victims The United States Attorney for the Southern District of New York, Jay Clayton, and the Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), Christo...

British Hacker ‘IntelBroker’ Faces $25M Cybercrime Charges www.justice.gov/usao-sdny/pr...

Looks like old age finally finished the job and wiped out whatever was left of his brain, not that there was much to begin with. 😬

GitHub - random-robbie/ec2free: AWS EC2 Pentesting Lab Setup Script AWS EC2 Pentesting Lab Setup Script. Contribute to random-robbie/ec2free development by creating an account on GitHub.

Free EC2 tool for pentesting or anything.
github.com/random-robbi...

Finding an SOQL Injection 0-Day in Salesforce How an un-exploitable SOQL injection turned into a 0-day in Salesforce itself affecting millions of user records

Finding an SOQL Injection 0-Day in Salesforce mastersplinter.work/research/sal...