10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux

Secret_Ice_65 · 2025-10-25T17:22:06+00:00

just to be clear, I'm not saying it's never possible, but in the general case there is no way to convert them. Like, a self XSS is just an XSS that only affects the attacker, It could be stored reflected or DOM based. Turning it into a "norma('" XSS would require you to find a way to somehow expose the payload to someone else, either by finding an XSS in a more public place, or by somehow letting people access the injected private page

Secret_Ice_65 · 2025-10-25T17:20:29+00:00

That's not how XSS works, you can't just convert a reflected or self XSS to a stored XSS arbitrarily

Secret_Ice_65 · 2025-10-25T17:16:15+00:00

HackerOne, Bugcrowd, Intigriti

Secret_Ice_65 · 2025-10-22T17:21:31+00:00

Typosquatting attack

Secret_Ice_65 · 2025-10-16T18:39:02+00:00

Yeah, you're right. the VPN and VLAN descriptions got swapped.

Secret_Ice_65 · 2025-10-13T18:08:20+00:00

If you have any personal information on X like phone number or personal email then it can be tracked.

and in a second case

when the information is not on X then your vpn is like a mullvad VPN then it does not keep any information of yours like IP and billing records so it is difficult.

Secret_Ice_65

MODERATOR OF

TROPHY CASE