#Csrf

Latest posts tagged with #Csrf on Bluesky

What is a Cross-Site Request Forgery (CSRF) attack – SWHA Learn what is a Cross-Site Request Forgery (CSRF) attack. Discover how CSRF attacks can occur and learn effective strategies to protect your web applications.

🔍 Understanding Cross-Site Request Forgery (CSRF) Attacks

What is a CSRF attack?
It's a type of attack that manipulates users into executing actions they didn't intend to on web applications where they're already logged in.

blog.swha.online/what-is-a-cr...

Follow me.

#SWHA #CSRF

CVE-2026-1508: CWE-352 Cross-Site Request Forgery (CSRF) in Court Reservation CVE-2026-1508 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the Court Reservation WordPress plugin prior to version 1.10.9. The vulnerability stems from the absence of CSRF token validation when processing event deletion r

Court Reservation WP plugin <1.10.9 has a HIGH severity CSRF bug — admins can be tricked into deleting events. Update promptly or add CSRF protections! 🛡️ radar.offseq.com/threat/cve-2026-1508-cwe... #OffSeq #WordPress #CSRF

CSRF Protection without Tokens or Hidden Form Fields A couple of months ago, I received a request from a random Internet user to add CSRF protection to my little web framework Microdot, and I thought it was a fantastic idea. When I set off to do this…

CSRF protection using the `Sec-Fetch-Site` header.

🔗 blog.miguelgrinberg.com/post/csrf-protection-wit...

#csrf #HTTP #sécurité

Cross-Site Request Forgery (CSRF) Testing Token Validation Labs YouTube video by WebWonders

Bypassing #CSRF token Validation:
[ youtu.be/_tkZIDlFuJ0 ]

CVE-2026-3589: CWE-352 Cross-Site Request Forgery (CSRF) in Automattic WooCommer CVE-2026-3589 is a security vulnerability classified under CWE-352 (Cross-Site Request Forgery) affecting the WooCommerce plugin for WordPress, specifically versions 5.4.0 through 10.5.2. The vulnerability stems from improper handling of ba

CRITICAL: WooCommerce (5.4.0 – 10.5.2) CSRF flaw (CVE-2026-3589) lets unauth attackers create admin users via REST API. Patch or restrict access now. Details: radar.offseq.com/threat/cve-2026-3589-cwe... #OffSeq #WooCommerce #CSRF

CSRF Protection in Next.js 2026: Really Without Tokens? Discover how Next.js handles CSRF protection without tokens. I analyze Server Actions, Origin verification, and when you need extra measures.

Did you know that Next.js protects itself from CSRF without using tokens? 🤔 I dove into its code to show you how its security works in Server Actions and where you need to be careful. #NextJS #SeguridadWeb #CSRF

What a CSRF Attack Is and How to Prevent It (Examples) Do you know what a CSRF attack is? I explain with an example how this vulnerability works and how to protect your applications in Django and Laravel.

Is your application vulnerable to a CSRF attack? I explain with a practical example how this threat works and how to protect your projects in Django and Laravel. #CSRF #SeguridadWeb #DesarrolloWeb

California Scottish Rite Foundation | Speech-Language Therapy | Donate Dedicated to support and assist children in California, The California Scottish Rite Foundation is a charitable organization that provides life-changing speech-language and literacy programs for child...

California Scottish Rite Foundation www.casrf.org

GIVE THE FUTURE A VOICE: 1 in 12 children face communication challenges. We provide best-in-class...

GIVE NOW: www.casrf.org/donate

SEE PROGRAMS: www.casrf.org/programs

#children #education #language #literacy #CSRF #California #ScottishRite

Cross Site Request Forgery: Oh yes, very often with WordPress. - aiutocomputerhelp CSRF: WordPress is one of the environments where this type of attack has historically had an enormous real-world surface.

Cross Site Request Forgery: Oh yes, very often with WordPress.

CSRF, sneaky and effective. CSRF – A few days ago I received an email from a reader. He told me that his blog.....
www.aiutocomputerhelp.it?p=16550

#attacco_CSRF #Cross_Site_Request_Forgery #CSRF #WordPress

CSRF, Open Redirect & Information Leakage Explained (Web Security) CSRF, Open Redirect & Information Leakage Explained By Cybersamir | Explaining Web Security In the world of cybersecurity, we often hear about sophisticated hacks and complex malware. However, some of the most dangerous vulnerabilities are actually quite simple flaws in how websites handle your requests. Today, I want to demystify three common terms you might see in bug bounty reports or security news: …

Small web flaws can lead to BIG security risks ⚠️
Learn CSRF, Open Redirect, and Information Leakage explained in simple terms—with risks and prevention tips.
👉 Read now

#WebSecurity #CSRF #OpenRedirect #InfoSec #CyberSecurity #OWASP

#CSRF Protection without Tokens or Hidden Form Fields

https://blog.miguelgrinb

#infosec

[2/2] ...blog.mailixa.io/strong-cross-site-reques...

#php #jquery #csrf #xss #cors #howto #blog #hashnode

[Originally posted: 2023-01-31 12:29 UTC]

HackedGPT: How to Exploit "Weaknesses" in ChatGPT for Phishing or Data Exfiltration Personal blog of Chema Alonso ( https://MyPublicInbox.com/ChemaAlonso ): Cybersecurity, AI, Innovation, Technology, Comics & Personal Things.

El lado del mal - HackedGPT: How to Exploit "Weaknesses" in ChatGPT for Phishing or Data Exfiltration www.elladodelmal.com/2025/11/hack... #ChatGPT #GPT #Phishing #PromptInjection #Bing #CSRF #IA #AI #Ciberseguridad #Hacking

ChatGPT Atlas: Client-Side CSRF Attack to Poison the Memory with a Prompt Injection That Hacks Your Windows with Vibe Coding Personal blog of Chema Alonso ( https://MyPublicInbox.com/ChemaAlonso ): Cybersecurity, AI, Innovation, Technology, Comics & Personal Things.

El lado del mal - ChatGPT Atlas: Client-Side CSRF Attack to Poison the Memory with a Prompt Injection That Hacks Your Windows with Vibe Coding www.elladodelmal.com/2025/10/chat... #ChatGPT #Atlas #CSRF #AI #IA #PromptInjection #VibeCoding #Hacking #Exploit #InteligenciaArtificial #Bug

CVE-2025-12479 (CRITICAL): Azure Access BLU-IC2/IC4 ≤1.19.5 vulnerable to CSRF—full system compromise possible. Deploy WAF, enforce header checks, restrict access! radar.offseq.com/threat/cve-2025-12479-cw... #OffSeq #CSRF #AzureSecurity

🗞️ This week in #AppSec: a batch of fresh vulnerabilities you may have missed — including multiple high-impact issues in #GitLab and a serious #CSRF flaw in #ApacheGeode. Full details, fixes, and detection tips 👉 buff.ly/slk16bD
#ApplicationSecurity #Infosec #CyberSecurity #DevSecOps 🧵1/7

ChatGPT Flaw Allows A CSRF vulnerability in OpenAI

New ChatGPT exploit allows attackers to poison the AI's persistent memory via a CSRF flaw. This 'memory tainting' can lead to account takeover and code execution. 🤖🧠 #ChatGPT #AI #Vulnerability #CSRF

If the server-side relies on the browser's incoming Content-Type as a #CSRF protection, you can omit the CT entirely using a Blob object as a fetch() body to perform the state-changing operation, and if #CORS is permitted, leak the unleakable.

nastystereo.com/security/cr... #BugBounty

Microsoft fixes "most severe ever" flaw in ASP.NET Core that allows credential theft

#ASPNET #ciberataque #computador #CSRF #cve #grave #http #microsoft #segurança #servidor #vulnerabilidade #vulnerabilidades #web #windows

WordPress admins: HIGH severity CSRF in mndpsingh287 Theme Editor (all versions ≤3.0) can lead to RCE if an admin clicks a malicious link. Limit admin access & monitor for fixes. radar.offseq.com/threat/cve-2025-9890-cwe... #OffSeq #WordPress #CSRF

Cross-Site Request Forgery Cross-Site Request Forgery countermeasures can be greatly simplified using request metadata provided by modern browsers.

Nowadays many frameworks "take care of" simple safeguards such as #CSRF on behalf of programmers. However, that does not mean it isn't worth knowing what lies behind this acronym and the mechanism it refers to.

#CyberSec #Cyberbezpieczeństwo

words.filippo.io/csrf

CSRF Blog: Community resilience in crisis-affected South Sudan: Bride price as a means to relocate and diversify critical livelihood assets - Conflict Sensitivity Resource Facility This blog by Martina Santschi and CSRF focusses on the critical importance of bride price for resilience and economic security in crisis-affected South Sudan and calls for a better informed and more…

💡 In her new #CSRF Blog article, Martina Santschi explains that the bride price in South Sudan isn’t only about marriage and how aid workers can benefit from considering the risks and benefits.
👉 Read:

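What is the CSRF vulnerability that spawned a flood of "Hamachi-chan" posts? On "mixi", there was a wave of incidents in which clicking a certain URL caused a diary entry reading "ぼくはまちちゃん!" ("I'm Hamachi-chan!") to be posted automatically. The cause was a CSRF vulnerability.

On a whim I looked up when the "Boku Hamachi-chan" incident happened, and I'm surprised to find it was April 2005, 20 years ago.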

www.itmedia.co.jp/enterprise/articles/0504...

#CSRF #ウェブセキュリティ #セキュリティ #ぼくはまちちゃん

It presents an algorithm to defend web applications running in 2025 updated browsers against #CSRF attacks, also discussing false positives and negatives.

Pretty interesting!

Cross-Site Request Forgery

The ways to protect against CSRF attacks have diversified.

🔗 https://words.filippo.io/csrf/

#csrf #sécurité

CRITICAL: CSRF flaw in ads.txt Guru Connect (≤1.1.1). Review your deployments and monitor for updates—patch guidance not yet available. radar.offseq.com/threat/cve-2025-49381-cw... #OffSeq #CSRF #Vulnerability

Awakari App

Maintainers of Last Resort Maintainers of Last Resort Filippo Valsorda founded Geomys last year as an "organization of professional open source maintainers", providing maintenance and suppo...

#csrf #go #open-source #security #filippo-valsorda

Battling the Silent Threat: A Practical Guide to Preventing CSRF Attacks Cross-Site Request Forgery (CSRF, pronounced "sea-surf") is a sneaky and dangerous web vulnerability....

Battling the Silent Threat: A Practical Guide to Preventing CSRF Attacks Cross-Site Request Forgery (CSRF, pronounced "sea-surf") is a sneaky and dangerous web vulnerability. Classified as ...

#cybersecurity #webdev #csrf #security

Advanced Django Techniques for Scalable and Secure Applications Django is a powerful web framework that simplifies many aspects of web development. As your Django applications grow, scaling them effectively and ensuring security become cr...

Advanced Django Techniques for Scalable and Secure Applications #Django #Scalability #Security #Performance #Database #Caching #Async #Celery #Channels #Csrf #Https #Api


CISA Adds Cisco ISE and PaperCut Vulnerabilities to Known Exploited Vulnerabilities Catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, adding thre...

#Firewall #Daily #Cyber #News #Vulnerabilities #CISA […]

[Original post on thecyberexpress.com]
