⤷ Title: CVE-2026-40175 (CVSS 10): Critical Axios Vulnerability and Exploit Code Disclosed Publicly
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Sun, 12 Apr 2026 17:10:09 +0000
════════════════════════
⌗ Tags: #Vulnerability Report #AWS IMDSv2 #Axios #Cloud Security #CVE_2026_40175 #Header injection #infosec #javascript #Node.js #Prototype Pollution #rce #request smuggling
Daily CyberSecurity
A critical CVSS 10 flaw in Axios (CVE-2026-40175) allows attackers to bypass AWS IMDSv2 and achieve RCE via header injection. Upgrade to v1.15.0 now!
⤷ Title: The Stealthy Evolution of the DesckVB RAT Infection Chain
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Mon, 13 Apr 2026 01:34:25 +0000
════════════════════════
⌗ Tags: #Malware #.NET Reflection #C2 #cybersecurity #DesckVB RAT #Fileless Malware #In_Memory Attack #JavaScript Trojan #Lat61 #malware #powershell #Process Hijacking
Daily CyberSecurity
Lat61 Team uncovers DesckVB RAT, a stealthy 2026 Trojan using in-memory .NET loaders & JS obfuscation to hijack systems and evade AV. Learn how it works.
⤷ Title: 25 Million Users at Risk: Fastify Publicly Discloses PoC Exploit for Single-Space Security Bypass
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Wed, 15 Apr 2026 02:15:41 +0000
════════════════════════
⌗ Tags: #Vulnerability Report #25 Million Downloads #CVE_2026_33806 #Exploit Disclosure #Fastify #infosec #JavaScript Security #Node.js Security #Public PoC #Schema Validation Bypass #Web Framework Vulnerability
Daily CyberSecurity
Fastify (25M+ downloads) reveals CVE-2026-33806. A public PoC exploit shows how a single space bypasses schema validation. Upgrade to v5.8.5 now to stay safe.
⤷ Title: No Patch Available: The CVSS 10 Flaw Turning AVideo into an Attacker’s Playground
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Wed, 15 Apr 2026 12:40:39 +0000
════════════════════════
⌗ Tags: #Vulnerability Report #Account Takeover #AVideo #CVSS 10 #cybersecurity #infosec #JavaScript Injection #rce #WebSocket Vulnerability #YPTSocket #zero_day
Daily CyberSecurity
AVideo’s YPTSocket plugin faces a critical CVSS 10 vulnerability. Unauthenticated attackers can hijack every active session at once. No patch is available.
⤷ Title: IoT Under Fire: Critical CVSS 10 Expression Injection Hits OpenRemote Platform
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Wed, 15 Apr 2026 14:03:06 +0000
════════════════════════
⌗ Tags: #Vulnerability Report #CVE_2026_39842 #CVSS 10 #Groovy #infosec #IoT Management #IoT security #JavaScript Injection #Nashorn Engine #OpenRemote #Patch Alert #rce
Daily CyberSecurity
OpenRemote CVE-2026-39842 is a critical CVSS 10 flaw allowing RCE via JavaScript and Groovy injection. Secure your IoT assets—upgrade to v1.22.0 now!
⤷ Title: 220 Million at Risk: Critical 9.4 CVSS Remote Code Execution Hits protobuf.js
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Fri, 17 Apr 2026 02:54:07 +0000
════════════════════════
⌗ Tags: #Vulnerability Report #Arbitrary Code Execution #CVSS 9.4 #infosec #JavaScript Security #Node.js Security #Patch Alert #protobuf.js #Protocol Buffers #rce #web development
Daily CyberSecurity
A critical 9.4 CVSS vulnerability in protobuf.js puts 220 million monthly downloads at risk of RCE. Patch your Node.js and browser apps to version 8.0.1+.
⤷ Title: High-Severity SSRF Flaw Uncovered in Angular’s Server-Side Rendering
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Fri, 17 Apr 2026 02:32:21 +0000
════════════════════════
⌗ Tags: #Vulnerability Report #@angular/platform_server #Angular #CVE #infosec #javascript #Origin Hijacking #Server_Side Rendering #SSR #ssrf #TypeScript #Web Security
Daily CyberSecurity
Angular patches a critical 8.7 SSRF flaw in @angular/platform-server. Attackers can hijack SSR origins via URL normalization. Patch v19, v20, or v21 now!
⤷ Title: Reading Secrets Straight From the Browser: The NEXT_PUBLIC_ Trap
════════════════════════
𐀪 Author: OopsSec Store
════════════════════════
ⴵ Time: Sat, 18 Apr 2026 21:56:33 GMT
════════════════════════
⌗ Tags: #javascript #hacking #programming #cybersecurity #nextjs
Medium
When your “secret” API key ships inside every user’s JavaScript bundle
⤷ Title: URL-Based XSS
════════════════════════
𐀪 Author: Marduk I Am
════════════════════════
ⴵ Time: Wed, 22 Apr 2026 20:24:32 GMT
════════════════════════
⌗ Tags: #web_security #bug_bounty #cybersecurity #xss_vulnerability #javascript
Medium
When JavaScript Hides the Vulnerability
⤷ Title: Workflow Warning: The n8n CVSS 10.0 Prototype Pollution Crisis
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Fri, 24 Apr 2026 12:01:16 +0000
════════════════════════
⌗ Tags: #Vulnerability Report #Automation #CVSS 10 #infosec #JavaScript Security #n8n #Node.js #Patch Alert #Prototype Pollution #rce #Webhook Security #XML parsing
Daily CyberSecurity
Critical CVSS 10 and 9.4 vulnerabilities hit n8n. Prototype pollution in XML nodes can lead to full RCE. Patch to v2.18.1 or v1.123.32 immediately.
⤷ Title: The Illusion of Security: Why Your Frontend Is a Gift to Hackers
════════════════════════
𐀪 Author: Vasyl Oliinyk
════════════════════════
ⴵ Time: Sat, 25 Apr 2026 18:52:03 GMT
════════════════════════
⌗ Tags: #javascript #frontend_security #cybersecurity #api_security #owasp
Medium
I once watched a senior developer demo his “secure” admin panel to a room full of stakeholders. He proudly showed how regular users…
⤷ Title: CyberHeroes | TryHackMe Write-up
════════════════════════
𐀪 Author: iIyas
════════════════════════
ⴵ Time: Mon, 27 Apr 2026 09:31:01 GMT
════════════════════════
⌗ Tags: #ctf #tryhackme_walkthrough #ctf_writeup #javascript #tryhackme
Medium
Hello everyone! In this write-up, we’ll solve the CyberHeroes room on TryHackMe. The objective is simple: find a way to log into the…
⤷ Title: When Websites Become a Hacker's Weapon: Learning XSS from Zero to Understanding
════════════════════════
𐀪 Author: Putri Melati Ramadhaniati
════════════════════════
ⴵ Time: Mon, 27 Apr 2026 10:18:14 GMT
════════════════════════
⌗ Tags: #web_security #xs #javascript #programming #cybersecurity
Medium
Topic: Web Security | Year: 2026
⤷ Title: Read JavaScript Lines Like Pro Hackers: A Practical Guide
════════════════════════
𐀪 Author: Cybersectoworld
════════════════════════
ⴵ Time: Mon, 27 Apr 2026 16:26:04 GMT
════════════════════════
⌗ Tags: #penetration_testing #cybersecurity #javascript #ethical_hacking_training
Medium
When approaching bug bounty programs or security assessments, one of the most overlooked areas is JavaScript files. These files often hide…
⤷ Title: Experimental Analysis of DOM-Based Cross-Site Scripting (XSS)
════════════════════════
𐀪 Author: Nvlysnanrzskaa
════════════════════════
ⴵ Time: Tue, 28 Apr 2026 08:29:23 GMT
════════════════════════
⌗ Tags: #web_development #cybersecurity #xs #javascript #software_engineering
Medium
Introduction
Web application security is a very important aspect of modern system development, especially because of the increasing…
⤷ Title: Prototype Pollution
════════════════════════
𐀪 Author: Marduk I Am
════════════════════════
ⴵ Time: Tue, 28 Apr 2026 21:23:12 GMT
════════════════════════
⌗ Tags: #xss_vulnerability #information_security #bug_bounty #javascript #cybersecurity
Medium
Turning Property Lookups into Code Execution