MS Edge – HTTP Access Control (CORS) Bypass

This is a short post about a vulnerability that Prakash Sharma from our web app pentesting team, found in Microsoft Edge. TL;DR Edge failed to recognize HTTP Authentication information (i.e. Authorization Header) as credential information…

Monero mined from OnlineKhabar

It has been discovered that OnlineKhabar, a reputed Nepali news website was abusing users’ trust by using readers computing resources’ without consent for mining Monero, a famous cryptocurrency. While this issue certainly was ethically and…