⚡️ Ignite Rises from the Ashes: A New Deep-Tech Innovation

https://undercodenews.com/ignite-rises-from-the-ashes-a-new-deep-tech-innovation/

@Undercode_News

🚨 Critical Vulnerabilities Added to CISA's Known Exploited Vulnerabilities Catalog

https://undercodenews.com/critical-vulnerabilities-added-to-cisas-known-exploited-vulnerabilities-catalog/

@Undercode_News

🛡️ Israeli Defense Tech's American Dream: The Paragon Sale

https://undercodenews.com/israeli-defense-techs-american-dream-the-paragon-sale/

@Undercode_News

🔐 #Ransomware Attacks on Healthcare and Consulting Firms

https://undercodenews.com/ransomware-attacks-on-healthcare-and-consulting-firms/

@Undercode_News

🔧 Weaponizing Convenience: #Python Script Turns AnyDesk into a RAT

https://undercodenews.com/weaponizing-convenience-python-script-turns-anydesk-into-a-rat/

@Undercode_News

⚡️ Meta's Ray-Ban Stories Get a Smart Upgrade

https://undercodenews.com/metas-ray-ban-stories-get-a-smart-upgrade/

@Undercode_News

CoinLurker: A Stealthy Stealer Leverages Advanced Techniques

https://undercodenews.com/coinlurker-a-stealthy-stealer-leverages-advanced-techniques/

@Undercode_News

🎮 India's Crackdown on Offshore Online #Gaming for Tax Evasion

https://undercodenews.com/indias-crackdown-on-offshore-online-gaming-for-tax-evasion/

@Undercode_News

💳 Rapyd's Ambitious Move to Disrupt the Israeli Credit Card Market

https://undercodenews.com/rapyds-ambitious-move-to-disrupt-the-israeli-credit-card-market/

@Undercode_News

⚡️ The Magic Mouse Gets a Much-Needed Upgrade

https://undercodenews.com/the-magic-mouse-gets-a-much-needed-upgrade/

@Undercode_News

🔍 #Google's Stealthy Win: How the Search Giant Outmaneuvered #Microsoft

https://undercodenews.com/googles-stealthy-win-how-the-search-giant-outmaneuvered-microsoft/

@Undercode_News

📱 #Apple's AR Glasses: A Glimpse into the Future, Delayed

https://undercodenews.com/apples-ar-glasses-a-glimpse-into-the-future-delayed/

@Undercode_News

#Samsung #Galaxy S25 Ultra: The Thinnest Bezel King?

https://undercodenews.com/samsung-galaxy-s25-ultra-the-thinnest-bezel-king/

@Undercode_News

🌐 FunkSec #Ransomware Targets Pakistani Government Website

https://undercodenews.com/funksec-ransomware-targets-pakistani-government-website/

@Undercode_News

🌐 FunkSec #Ransomware Targets Mongolian Government Website

https://undercodenews.com/funksec-ransomware-targets-mongolian-government-website/

@Undercode_News

Russia's Sinister Game: Recruiting Ukrainian Teens for #Espionage

https://undercodenews.com/russias-sinister-game-recruiting-ukrainian-teens-for-espionage/

@Undercode_News

🦑𝐗𝐒𝐒 𝐓𝐡𝐫𝐨𝐮𝐠𝐡 𝐇𝐑𝐄𝐅 𝐔𝐑𝐋𝐬 👇

I often see applications that let their users control URLs which are reflected back in the DOM as part of the HREF tag

Most of the time these features let you:

• set the integration URL with a 3rd party service
• customize your profile page with a link to your own blog/website
• link your account to you social media profile

While sometimes developers use HTML encoding on quotes to block attackers from escaping the tag, there are several ways to trigger XSS inside href tags <without> escaping them.

One of them is to provide a valid URL format (to bypass server-side validation) but use the javascript protocol (instead of http which is what most developers would expect)

Note however that this won't work if the target="_blank" is specified

Ref: Andrei Agape
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

⚡️ #Apple in the Enterprise: A New Perspective

https://undercodenews.com/apple-in-the-enterprise-a-new-perspective/

@Undercode_News

🔒 Interlock #Ransomware Targets Heritage Bank

https://undercodenews.com/interlock-ransomware-targets-heritage-bank/

@Undercode_News