#http — Public Fediverse posts

Disclosing new PebbleDash-based tools

Kaspersky researchers conducted an in-depth analysis of Kimsuky APT activity, revealing tactical shifts and new malware variants based on the PebbleDash platform. The group introduced HelloDoor, a Rust-based backdoor, httpMalice leveraging HTTP and Dropbox communications, and updated MemLoad and httpTroy variants. Kimsuky maintains persistence through legitimate tools including VSCode Tunneling with GitHub authentication and DWAgent remote management software. Initial access occurs via spear-phishing with malicious attachments disguised as documents. The group primarily targets South Korean entities across government and defense sectors, with additional PebbleDash attacks observed in Brazil and Germany. Infrastructure relies on free South Korean hosting services and tunneling services like Cloudflare Quick Tunnels and Ngrok. Both PebbleDash and AppleSeed malware clusters demonstrate ongoing development with shared distribution methods, stolen certificates, and overlapping targets, indicating single-actor c...

Pulse ID: 6a05af0979e3cc1214a50d4e
Pulse Link: https://otx.alienvault.com/pulse/6a05af0979e3cc1214a50d4e
Pulse Author: AlienVault
Created: 2026-05-14 11:16:25

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AppleSeed #BackDoor #Brazil #Cloud #CyberSecurity #Dropbox #Germany #GitHub #Government #HTTP #InfoSec #Kaspersky #Kimsuky #Korea #Malware #OTX #OpenThreatExchange #Phishing #RAT #Rust #SouthKorea #SpearPhishing #UK #bot #AlienVault

𝗠𝗼𝘁𝗿𝗶𝘅:

#DownloadManager #FTP #HTTP #BitTorrent #Motrix

https://thewhale.cc/posts/motrix

Motrix is a free, cross platform and open source full-featured download manager. Its design is clean and it supports downloading HTTP, FTP, BitTorrent, Magnet, Baidu Net Disk etc.

Kevin Boone has: In praise of HTTP. https://kevinboone.me/in_praise_of_http.html #HTTP

Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers

Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.

Pulse ID: 6a0199674dd4cf450633dd32
Pulse Link: https://otx.alienvault.com/pulse/6a0199674dd4cf450633dd32
Pulse Author: AlienVault
Created: 2026-05-11 08:55:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault

Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers

Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.

Pulse ID: 6a0199674dd4cf450633dd32
Pulse Link: https://otx.alienvault.com/pulse/6a0199674dd4cf450633dd32
Pulse Author: AlienVault
Created: 2026-05-11 08:55:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault

Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers

Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.

Pulse ID: 6a0199674dd4cf450633dd32
Pulse Link: https://otx.alienvault.com/pulse/6a0199674dd4cf450633dd32
Pulse Author: AlienVault
Created: 2026-05-11 08:55:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault

Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers

Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.

Pulse ID: 6a0199674dd4cf450633dd32
Pulse Link: https://otx.alienvault.com/pulse/6a0199674dd4cf450633dd32
Pulse Author: AlienVault
Created: 2026-05-11 08:55:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault

Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers

Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.

Pulse ID: 6a0199674dd4cf450633dd32
Pulse Link: https://otx.alienvault.com/pulse/6a0199674dd4cf450633dd32
Pulse Author: AlienVault
Created: 2026-05-11 08:55:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault

"Better Browser Caching with No-Vary-Search" by @csswizardry

OK, this is really useful and I had absolutely zero clue about the existence of this response header. Thank you so much for this write-up and the great stuff you do for the web Harry!

https://csswizardry.com/2026/05/better-browser-caching-with-no-vary-search/

#performance #http

HTTP/1 vs HTTP/2 vs HTTP/3 This article provides a detailed, clear-cut analysis of HTTP/1 vs HTTP/2 vs HTTP/3, focusing on how each version improves (or fails to improve) web performance, efficiency, and modern use cases.
What is HTTP?
HTTP stands for Hypertext Transfer Protocol. It’s the foundation of data communication on the World Wide Web. When you visit a website, your browser uses #HTTP to request content (like text, images, videos) ...
Continued 👉 https://blog.radwebhosting.com/http-1-vs-http-2-vs-http-3/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #quiccloud

Operation GriefLure: Dissecting an APT Campaign Targeting Vietnam's Military Telecom & Philippine Healthcare

A sophisticated spear phishing campaign dubbed Operation GriefLure targeted senior executives of Viettel Group, Vietnam's largest military-owned telecommunications provider, and St. Luke's Medical Center in the Philippines. The operation weaponized authentic legal documents from a genuine data breach dispute involving a Vietnamese citizen and Viettel, alongside fabricated whistleblower complaints targeting Philippine healthcare administrators. Attackers delivered malicious Windows LNK files within nested RAR archives, abusing native ftp.exe as a Living-off-the-Land dropper. Upon execution, the payload assembled polymorphic implants directly on disk from chunked .doc files, establishing persistence while displaying legitimate decoy PDFs. The malware enabled remote access through process injection, credential harvesting from browsers and remote access tools, screenshot capture, and file exfiltration via HTTPS C2 communication to infrastructure hosted on bulletproof Hong Kong servers.

Pulse ID: 69fc841d0cbc4c199d708315
Pulse Link: https://otx.alienvault.com/pulse/69fc841d0cbc4c199d708315
Pulse Author: AlienVault
Created: 2026-05-07 12:22:53

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #CredentialHarvesting #CyberSecurity #DataBreach #HTTP #HTTPS #Healthcare #HongKong #InfoSec #LNK #Malware #Military #OTX #OpenThreatExchange #PDF #Philippines #Phishing #RAT #SpearPhishing #Telecom #Telecommunication #UK #Vietnam #Windows #bot #AlienVault

#Development #Guides
Browser caching with No-Vary-Search · Better HTTP caching by ignoring irrelevant query parameters https://ilo.im/16crk2

_____
#Caching #URL #UrlParameters #HTTP #HttpCache #HttpHeaders #Browsers #WebPerf #WebDev #Frontend

🦖 Access-Control-Allow-Credentials header
✅ Widely available (from Jul 2015)

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Allow-Credentials

The HTTP Access-Control-Allow-Credentials response header tells browsers whether the server allows credentials to be included in cross-origin HTTP requests.

#webdev #HTTP

Operation Silent Rotor: Rust-Based Malware Targets Eurasian Unmanned Aviation Sector Ahead of Moscow Summit

A sophisticated spear phishing campaign targets professionals in the Eurasian unmanned aviation sector, timed to coincide with the XIII Eurasian International Forum 'Unmanned Aviation 2026' in Moscow. The attack delivers malicious archives containing Rust-based executables disguised as legitimate documents from the Russian Aeronautical Information Center. The malware displays aviation-themed decoy documents in Russian while collecting system information including hostnames, volume serial numbers, network adapter details, and environment variables. Collected data is encrypted via XOR and exfiltrated to a C2 server over HTTPS. The malware subsequently downloads and executes a second-stage payload using AES-256 decryption. The campaign demonstrates targeted social engineering with realistic aviation order documents, translation certificates, and product summaries to compromise victims in Russia, Tajikistan, Central Asia, Middle East and Europe.

Pulse ID: 69fb57e600c03f5a6ac63de0
Pulse Link: https://otx.alienvault.com/pulse/69fb57e600c03f5a6ac63de0
Pulse Author: AlienVault
Created: 2026-05-06 15:01:58

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #CentralAsia #CyberSecurity #Europe #HTTP #HTTPS #InfoSec #Malware #MiddleEast #OTX #OpenThreatExchange #Phishing #RAT #Russia #Rust #SocialEngineering #SpearPhishing #bot #AlienVault

Salat Malware Uses Multiple Persistant Methods With Stealthy C2 Server

A new windows malware family named as Salat Stealer has been discoverd. It acts as a legitimate system process including explorer.exe, svchost.exe or Isass.exe. It supports to exfiltrate user sensitive data and critical credentials via HTTP/3 based Command and Control server.

Pulse ID: 69fbf302ea01bd20e28b040a
Pulse Link: https://otx.alienvault.com/pulse/69fbf302ea01bd20e28b040a
Pulse Author: cryptocti
Created: 2026-05-07 02:03:46

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #HTTP #InfoSec #Malware #OTX #OpenThreatExchange #RAT #Windows #bot #cryptocti

Apache HTTP Server: Highly critical flaws allow malicious code injection

In Apache HTTP Server 2.4.67, developers are patching several security vulnerabilities, some of which allow the injection of malicious code.

https://www.heise.de/en/news/Apache-HTTP-Server-Highly-critical-flaws-allow-malicious-code-injection-11284235.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Apache #HTTP #IT #Security #Sicherheitslücken #Updates #news

Apache HTTP Server: Hochriskante Lücken ermöglichen Einschleusen von Schadcode

Im Apache HTTP Server 2.4.67 stopfen die Entwickler mehrere Sicherheitslücken, die teils das Einschleusen von Schadcode ermöglichen.

https://www.heise.de/news/Apache-HTTP-Server-Hochriskante-Luecken-ermoeglichen-Einschleusen-von-Schadcode-11284090.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Apache #HTTP #IT #Security #Sicherheitslücken #Updates #news

Мифы про REST API. Часть 3

Привет всем, на связи снова Дарья Борисова, системный аналитик из ПСБ. Продолжаю развеивать мифы о REST API. Если вы пропустили первую и вторую часть, то советую заглянуть туда: ведь мы уже разобрали некоторые заблуждения о природе REST. Сегодня мы разберем нюансы транспортных и бизнес-ошибок, погрузимся в кеширование и узнаем, действительно ли REST должен быть прокси для базы данных. Переходите под кат, начинаем!

https://habr.com/ru/companies/psb/articles/1031002/

#rest #rest_api #restful_api #http #кеширование #ошибки #ошибки_на_сайте

That AI Extension Helping You Write Emails? It's Reading Them First

Researchers discovered 18 malicious AI browser extensions masquerading as productivity tools that deliver remote access trojans, meddler-in-the-middle attacks, and infostealers. These extensions exploit the rise of generative AI to target prompts, user behavior, and browser sessions through API interception, passive DOM observation, traffic proxying, and HTTPS response decryption. Examples include extensions that surveil emails during composition, intercept ChatGPT prompts, and exfiltrate passwords. Multiple samples contained AI-generated code indicating threat actors employed large language models to accelerate production. Google removed or issued warnings for all 18 reported extensions. These malicious tools specifically target sensitive data including AI API keys, authentication credentials, email content, and proprietary session information by exploiting user trust in AI-branded applications.

Pulse ID: 69f3e871eb2a73cd5c8bee7e
Pulse Link: https://otx.alienvault.com/pulse/69f3e871eb2a73cd5c8bee7e
Pulse Author: AlienVault
Created: 2026-04-30 23:40:33

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #ChatGPT #CyberSecurity #Email #Google #HTTP #HTTPS #InfoSec #InfoStealer #OTX #OpenThreatExchange #Password #Passwords #Proxy #RAT #RCE #RemoteAccessTrojan #Rust #Trojan #Word #bot #AlienVault

An In-Depth Analysis of Novel KarstoRAT Malware

KarstoRAT is a newly identified remote access trojan that emerged in early 2026, combining surveillance, credential theft, and remote command execution capabilities. The malware supports extensive post-compromise operations including system reconnaissance, screenshot and audio capture, webcam monitoring, keylogging, and token theft. It communicates with a C2 server at 212.227.65[.]132 using HTTP protocols with the user agent 'SecurityNotifier'. Distribution occurs through gaming-themed lure pages targeting Roblox players and FPS/GTA modders via fake cheat loaders. KarstoRAT employs multiple persistence mechanisms through registry keys, scheduled tasks, and startup folders, while featuring a UAC bypass using the fodhelper.exe technique. The malware has not been publicly advertised on cybercrime forums, suggesting private development and limited operator use rather than commodity distribution.

Pulse ID: 69f3653e6f25eb53d5d343b1
Pulse Link: https://otx.alienvault.com/pulse/69f3653e6f25eb53d5d343b1
Pulse Author: AlienVault
Created: 2026-04-30 14:20:46

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberCrime #CyberSecurity #HTTP #InfoSec #Malware #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #RemoteCommandExecution #SMS #Trojan #bot #AlienVault

[Перевод] FastCGI исполнилось 30 лет, и он до сих пор лучше HTTP для прокси-к-бэкенду

Знаете, кому 29 апреля стукнуло 30 лет? Спецификации FastCGI. Тридцать лет с 1996 года. Погодите. Эта заметка не про ностальгию по .fcgi -скриптам, которые на каждый запрос форкали отдельный процесс и которыми сегодня никто не пользуется. И не про CGI вообще. Разговор о другом. У нас всех в проде между прокси и бэкендом обычно стоит HTTP. nginx перед Go-приложением, Caddy перед Python-сервисом, Apache перед PHP-FPM, неважно, поверх там HTTP/1.1 или HTTP/2. И вот Эндрю Айер на agwa.name к юбилею FastCGI собрал аргументы, что этот участок инфраструктуры всё это время сидит на не самом удачном протоколе. Айер основатель SSLMate, и в SSLMate всё крутится на FastCGI в проде уже больше десяти лет. Так что пишет не теоретически. Заметка короткая и по делу. HN-тред собрал сотню комментариев , для 2026 года это не топ, но там пишут люди, которые знают, о чём говорят. Если попроще, аргумент такой: у HTTP как протокола между прокси и бэкендом есть два структурных бага, которых у FastCGI нет, и индустрия за тридцать лет так и не нашла повода переехать. А обсуждение в треде ушло дальше: почему вообще HTTP победил, если он хуже технически. И ответ оказался любопытнее самого аргумента.

https://habr.com/ru/articles/1030882/

#fastcgi #http #reverseproxy #request_smuggling #desync #nginx #webинфраструктура #прокси

DDoS Malware Exploiting Jenkins Servers to Attack Valve Source Gaming Infrastructure

A newly discovered DDoS botnet campaign abuses exposed Jenkins servers with weak authentication to deliver Windows and Linux payloads. The malware turns compromised hosts into bots and targets Valve Source Engine game servers using UDP floods, TCP push attacks, HTTP floods and query-based amplification attacks.

Pulse ID: 69f735ac2403f4a4cb9ca4c3
Pulse Link: https://otx.alienvault.com/pulse/69f735ac2403f4a4cb9ca4c3
Pulse Author: cryptocti
Created: 2026-05-03 11:46:52

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #InfoSec #Linux #Malware #OTX #OpenThreatExchange #RCE #TCP #UDP #Windows #bot #botnet #cryptocti

DDoS Malware Exploiting Jenkins Servers to Attack Valve Source Gaming Infrastructure

A newly discovered DDoS botnet campaign abuses exposed Jenkins servers with weak authentication to deliver Windows and Linux payloads. The malware turns compromised hosts into bots and targets Valve Source Engine game servers using UDP floods, TCP push attacks, HTTP floods and query-based amplification attacks.

Pulse ID: 69f735ac2403f4a4cb9ca4c3
Pulse Link: https://otx.alienvault.com/pulse/69f735ac2403f4a4cb9ca4c3
Pulse Author: cryptocti
Created: 2026-05-03 11:46:52

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #InfoSec #Linux #Malware #OTX #OpenThreatExchange #RCE #TCP #UDP #Windows #bot #botnet #cryptocti

DDoS Malware Exploiting Jenkins Servers to Attack Valve Source Gaming Infrastructure

A newly discovered DDoS botnet campaign abuses exposed Jenkins servers with weak authentication to deliver Windows and Linux payloads. The malware turns compromised hosts into bots and targets Valve Source Engine game servers using UDP floods, TCP push attacks, HTTP floods and query-based amplification attacks.

Pulse ID: 69f735ac2403f4a4cb9ca4c3
Pulse Link: https://otx.alienvault.com/pulse/69f735ac2403f4a4cb9ca4c3
Pulse Author: cryptocti
Created: 2026-05-03 11:46:52

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #InfoSec #Linux #Malware #OTX #OpenThreatExchange #RCE #TCP #UDP #Windows #bot #botnet #cryptocti

DDoS Malware Exploiting Jenkins Servers to Attack Valve Source Gaming Infrastructure

A newly discovered DDoS botnet campaign abuses exposed Jenkins servers with weak authentication to deliver Windows and Linux payloads. The malware turns compromised hosts into bots and targets Valve Source Engine game servers using UDP floods, TCP push attacks, HTTP floods and query-based amplification attacks.

Pulse ID: 69f735ac2403f4a4cb9ca4c3
Pulse Link: https://otx.alienvault.com/pulse/69f735ac2403f4a4cb9ca4c3
Pulse Author: cryptocti
Created: 2026-05-03 11:46:52

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #InfoSec #Linux #Malware #OTX #OpenThreatExchange #RCE #TCP #UDP #Windows #bot #botnet #cryptocti

DDoS Malware Exploiting Jenkins Servers to Attack Valve Source Gaming Infrastructure

A newly discovered DDoS botnet campaign abuses exposed Jenkins servers with weak authentication to deliver Windows and Linux payloads. The malware turns compromised hosts into bots and targets Valve Source Engine game servers using UDP floods, TCP push attacks, HTTP floods and query-based amplification attacks.

Pulse ID: 69f735ac2403f4a4cb9ca4c3
Pulse Link: https://otx.alienvault.com/pulse/69f735ac2403f4a4cb9ca4c3
Pulse Author: cryptocti
Created: 2026-05-03 11:46:52

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #InfoSec #Linux #Malware #OTX #OpenThreatExchange #RCE #TCP #UDP #Windows #bot #botnet #cryptocti

Переехал с Nginx на хосте на Traefik в контейнере на одном из серверов.

Потерял 4 миллисекунды.

На обычных запросах к типичным веб-приложениям это невозможно заметить. Но на моём самом быстром сервисе, который отвечал всего за 2 миллисекунды разница выглядит гораздо более радикально.

#server #HTTP #Nginx #Traefik #proxy #log #metrics #monitoring

Ein Paketverlust und plötzlich steht alles? HTTP/2 über TCP leidet an Head-of-Line-Blocking. Wanderson Xesquevixos erklärt, wie #HTTP/3/QUIC das löst & wie es in #Java26 aktiviert wird.

So simpel ist der Einstieg! Jetzt lesen: https://javapro.io/de/java-26-uebernimmt-http-3-mit-der-weiterentwicklung-des-httpclient/

#Java #HTTP3 #Performance

Peripetie #danielberanekCZ (Od pultu přes #ZUR a #PSY až k #SEO a #copy)

kapitola narvaná inf. o SEO, webu, serveru, #HTTP/#HTTPS, #penalizace #YMYL, #Mobilegeddon, #AMP, #cache, #LiteSpeed, #thincontent - a jejich řešení

https://danielberanek.cz/od-pultu-az-k-seo-a-copy-s-ostrymi-hroty-profesni-bio/#peripetie-danielberanekcz

The npm Threat Landscape: Attack Surface and Mitigations

The npm ecosystem experienced a critical shift in September 2025 with the Shai-Hulud worm, marking the transition from isolated attacks to systematic supply chain compromises. In April 2026, TeamPCP launched a coordinated campaign through a malicious @bitwarden/cli package targeting multiple distribution channels including Docker Hub, GitHub Actions, and VS Code extensions. The multi-stage payload employs advanced obfuscation, harvests credentials from cloud providers and developer workstations, exfiltrates data through encrypted HTTPS and GitHub repositories, and self-propagates by backdooring npm packages using stolen tokens. The malware implements GitHub's search API as a resilient command-and-control fallback mechanism and features anti-detection measures including Russian locale killswitches. This represents an evolution toward wormable propagation, infrastructure-level persistence, and dormant payloads that activate under specific conditions.

Pulse ID: 69ec0475e74facdf3bf89ce1
Pulse Link: https://otx.alienvault.com/pulse/69ec0475e74facdf3bf89ce1
Pulse Author: AlienVault
Created: 2026-04-25 00:01:57

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Cloud #CyberSecurity #Docker #ELF #GitHub #HTTP #HTTPS #InfoSec #Malware #NPM #OTX #OpenThreatExchange #RAT #Russia #SupplyChain #Worm #bot #AlienVault

Next update will include the custom editor fonts also in the Proxygen Mac app! 🅰️

By the way, I just love the Nord theme for HTTP! 😍

#http #proxy #iosdev #macdev

Same packet, different magic: Hits India's banking sector and Korea geopolitics

A new variant of the LOTUSLITE backdoor, version 1.1, has been identified targeting India's banking sector and South Korean diplomatic circles. The backdoor is delivered via DLL sideloading using legitimate Microsoft-signed executables and initially through CHM files containing malicious JavaScript. It communicates with dynamic DNS-based command-and-control servers over HTTPS, supporting remote shell access, file operations and session management. Code-level analysis reveals direct lineage to LOTUSLITE v1.0, including identical command structures, shared persistence mechanisms, and residual exports from the original codebase. The campaign demonstrates incremental improvements including updated magic values, API resolution techniques, and delivery mechanisms evolving from CHM-based to JavaScript loaders to DLL sideloading. Infrastructure hosted under Dynu Systems shows continuity with previous operations.

Pulse ID: 69e827168edcf67707285b4e
Pulse Link: https://otx.alienvault.com/pulse/69e827168edcf67707285b4e
Pulse Author: AlienVault
Created: 2026-04-22 01:40:38

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Bank #CyberSecurity #DNS #HTTP #HTTPS #ICS #India #InfoSec #Java #JavaScript #Korea #Microsoft #OTX #OpenThreatExchange #RAT #SMS #SideLoading #SouthKorea #bot #AlienVault

Using KATA and KEDR to detect the AdaptixC2 agent

AdaptixC2 is an emerging open-source post-exploitation framework rapidly adopted by threat actors in APT attacks and ransomware campaigns. Written in Go and C++, it supports Windows, macOS, and Linux with extensive modularity through Beacon Object Files (BOFs). The framework enables diverse command-and-control channels including HTTP/S, TCP, mTLS, DNS, DoH, and SMB with RC4 encryption throughout. It implements sophisticated evasion techniques targeting both network detection systems and endpoint defenses. Despite advanced obfuscation capabilities, network-level detection remains viable through analysis of distinctive communication patterns, header structures, and behavioral indicators. The framework supports credential harvesting via LSASS dumping, LAPS exploitation, and Kerberos attacks, alongside defense evasion through process injection and lateral movement via WinRM and PsExec. Combined NDR and EDR solutions provide effective multi-layered detection coverage against AdaptixC2 operations across network ...

Pulse ID: 69e2824daddc65cc4bab207d
Pulse Link: https://otx.alienvault.com/pulse/69e2824daddc65cc4bab207d
Pulse Author: AlienVault
Created: 2026-04-17 18:56:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CredentialHarvesting #CyberSecurity #DNS #EDR #Encryption #Endpoint #HTTP #InfoSec #Linux #Mac #MacOS #OTX #OpenThreatExchange #PsExec #RAT #RCE #RansomWare #SMB #TCP #TLS #Windows #bot #AlienVault

Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign

Nexcorium is a multi-architecture Mirai variant exploiting CVE-2024-3721 in TBK DVR devices to build a botnet for distributed denial-of-service attacks. The campaign, attributed to Nexus Team based on custom HTTP headers, uses OS command injection to deliver malware across ARM, MIPS, and x86-64 architectures. The malware implements multiple persistence mechanisms including init configuration, startup scripts, systemd services, and cron jobs. It features XOR-encoded configurations, self-integrity checks, and self-replication capabilities. Attack capabilities include UDP flood, TCP SYN flood, TCP ACK flood, and VSE query flood among others. The botnet spreads through brute-force attacks using default credentials and exploits CVE-2017-17215 targeting Huawei HG532 devices, demonstrating typical IoT-focused botnet characteristics.

Pulse ID: 69e2824d25c0dbc3e1de156b
Pulse Link: https://otx.alienvault.com/pulse/69e2824d25c0dbc3e1de156b
Pulse Author: AlienVault
Created: 2026-04-17 18:56:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ELF #GRIT #HTTP #ICS #InfoSec #IoT #Malware #Mirai #OTX #OpenThreatExchange #RAT #RCE #SMS #TCP #UDP #Vulnerability #bot #botnet #AlienVault

Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign

Nexcorium is a multi-architecture Mirai variant exploiting CVE-2024-3721 in TBK DVR devices to build a botnet for distributed denial-of-service attacks. The campaign, attributed to Nexus Team based on custom HTTP headers, uses OS command injection to deliver malware across ARM, MIPS, and x86-64 architectures. The malware implements multiple persistence mechanisms including init configuration, startup scripts, systemd services, and cron jobs. It features XOR-encoded configurations, self-integrity checks, and self-replication capabilities. Attack capabilities include UDP flood, TCP SYN flood, TCP ACK flood, and VSE query flood among others. The botnet spreads through brute-force attacks using default credentials and exploits CVE-2017-17215 targeting Huawei HG532 devices, demonstrating typical IoT-focused botnet characteristics.

Pulse ID: 69e2824d25c0dbc3e1de156b
Pulse Link: https://otx.alienvault.com/pulse/69e2824d25c0dbc3e1de156b
Pulse Author: AlienVault
Created: 2026-04-17 18:56:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ELF #GRIT #HTTP #ICS #InfoSec #IoT #Malware #Mirai #OTX #OpenThreatExchange #RAT #RCE #SMS #TCP #UDP #Vulnerability #bot #botnet #AlienVault

Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign

Nexcorium is a multi-architecture Mirai variant exploiting CVE-2024-3721 in TBK DVR devices to build a botnet for distributed denial-of-service attacks. The campaign, attributed to Nexus Team based on custom HTTP headers, uses OS command injection to deliver malware across ARM, MIPS, and x86-64 architectures. The malware implements multiple persistence mechanisms including init configuration, startup scripts, systemd services, and cron jobs. It features XOR-encoded configurations, self-integrity checks, and self-replication capabilities. Attack capabilities include UDP flood, TCP SYN flood, TCP ACK flood, and VSE query flood among others. The botnet spreads through brute-force attacks using default credentials and exploits CVE-2017-17215 targeting Huawei HG532 devices, demonstrating typical IoT-focused botnet characteristics.

Pulse ID: 69e2824d25c0dbc3e1de156b
Pulse Link: https://otx.alienvault.com/pulse/69e2824d25c0dbc3e1de156b
Pulse Author: AlienVault
Created: 2026-04-17 18:56:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ELF #GRIT #HTTP #ICS #InfoSec #IoT #Malware #Mirai #OTX #OpenThreatExchange #RAT #RCE #SMS #TCP #UDP #Vulnerability #bot #botnet #AlienVault

Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign

Nexcorium is a multi-architecture Mirai variant exploiting CVE-2024-3721 in TBK DVR devices to build a botnet for distributed denial-of-service attacks. The campaign, attributed to Nexus Team based on custom HTTP headers, uses OS command injection to deliver malware across ARM, MIPS, and x86-64 architectures. The malware implements multiple persistence mechanisms including init configuration, startup scripts, systemd services, and cron jobs. It features XOR-encoded configurations, self-integrity checks, and self-replication capabilities. Attack capabilities include UDP flood, TCP SYN flood, TCP ACK flood, and VSE query flood among others. The botnet spreads through brute-force attacks using default credentials and exploits CVE-2017-17215 targeting Huawei HG532 devices, demonstrating typical IoT-focused botnet characteristics.

Pulse ID: 69e2824d25c0dbc3e1de156b
Pulse Link: https://otx.alienvault.com/pulse/69e2824d25c0dbc3e1de156b
Pulse Author: AlienVault
Created: 2026-04-17 18:56:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ELF #GRIT #HTTP #ICS #InfoSec #IoT #Malware #Mirai #OTX #OpenThreatExchange #RAT #RCE #SMS #TCP #UDP #Vulnerability #bot #botnet #AlienVault

Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign

Nexcorium is a multi-architecture Mirai variant exploiting CVE-2024-3721 in TBK DVR devices to build a botnet for distributed denial-of-service attacks. The campaign, attributed to Nexus Team based on custom HTTP headers, uses OS command injection to deliver malware across ARM, MIPS, and x86-64 architectures. The malware implements multiple persistence mechanisms including init configuration, startup scripts, systemd services, and cron jobs. It features XOR-encoded configurations, self-integrity checks, and self-replication capabilities. Attack capabilities include UDP flood, TCP SYN flood, TCP ACK flood, and VSE query flood among others. The botnet spreads through brute-force attacks using default credentials and exploits CVE-2017-17215 targeting Huawei HG532 devices, demonstrating typical IoT-focused botnet characteristics.

Pulse ID: 69e2824d25c0dbc3e1de156b
Pulse Link: https://otx.alienvault.com/pulse/69e2824d25c0dbc3e1de156b
Pulse Author: AlienVault
Created: 2026-04-17 18:56:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ELF #GRIT #HTTP #ICS #InfoSec #IoT #Malware #Mirai #OTX #OpenThreatExchange #RAT #RCE #SMS #TCP #UDP #Vulnerability #bot #botnet #AlienVault

This is a crucial program on my Android devices. The more Open Source communication software I use the more I need Open Source notification systems; this works flawless

#ntfy #notifications #programming #Android #Linux #sh #bash #csh #ksh #zsh #fish #curl #http #javascript #golang #powershell #python #php #technology #OpenSource #POSIX

@Radio_Azureus

https://github.com/xsawyerx/curl-doom #HTTP server rendering #DOOM frames into #ANSI half-blocks, streamed to the terminal over HTTP with #curl

No install, no dependencies except #curl and #bash ( #linux )

It is incorrect to "normalize" // in HTTP URL paths

https://runxiyu.org/comp/doubleslash/

#HackerNews #normalize #HTTP #URL #paths #doubleslash #webdevelopment #technews #coding

Direct-Sys Loader and CGrabber Stealer Five-Stage Malware Chain

A sophisticated five-stage malware operation delivers two new malware families: Direct-Sys Loader and CGrabber Stealer. The attack begins with ZIP archives distributed via GitHub user attachment URLs, exploiting a legitimate Microsoft-signed binary (Launcher_x64.exe) for DLL sideloading. Direct-Sys Loader employs ChaCha20 encryption, direct syscall execution, and multiple anti-analysis checks including text file verification, enumeration of 67 analysis tool processes, and hypervisor detection. CGrabber Stealer collects extensive system metadata, browser credentials, cryptocurrency wallets, password managers, VPN configurations, and application artifacts from over 150 applications and extensions. The stealer excludes CIS region systems and uses ChaCha20 encryption with HMAC SHA256 authentication for data exfiltration via custom HTTP headers. Both families share identical cryptographic implementations, suggesting common development origin and representing operationally mature infrastructure designed for larg...

Pulse ID: 69e1fb9b3bbb36c5db446094
Pulse Link: https://otx.alienvault.com/pulse/69e1fb9b3bbb36c5db446094
Pulse Author: AlienVault
Created: 2026-04-17 09:21:31

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #ChaCha20 #CyberSecurity #Encryption #GitHub #HTTP #InfoSec #Mac #Malware #Microsoft #OTX #OpenThreatExchange #Password #RAT #SideLoading #VPN #Word #ZIP #bot #cryptocurrency #AlienVault

Sniffnet sieht prima aus und zeigt dir in Echtzeit, was dein Gerät im Netz treibt: Verbindungen, Ziele, Traffic-Muster. Open Source, plattformübergreifend, ohne Cloud-Zwang. 👍

Aber: Inhalte liest es nicht mit. HTTPS bleibt verschlüsselt. Für echte Analyse brauchst du Tools wie Wireshark oder MitM-Ansätze.

Fazit: Gutes Monitoring-Tool – aber kein Forensik-Werkzeug. 👇

https://github.com/GyulyVGC/sniffnet

#HTTP #HTTPS #Wireshark #Sniffnet #MITM #Netzwerk #Network #Security #Sicherheit #Datenschutz #Privacy

/kuk

[Перевод] Создаём брандмауэр при помощи eBPF и контрольных групп

Технология eBPF — интересная штука. С её помощью можно без труда внедрять в ядро Linux фрагменты кода, которые затем компилируются в коды операций (опкоды), которые гарантированно не обрушат работу ядра. Набор допустимых инструкций ограничен, переходы назад не допускаются (поэтому не будет никаких неопределённых циклов). При этом вы не можете разыменовывать указатели, но вместо этого можете выполнять проверяемые операции считывания через указатели, которые потенциально могут оказаться неудачными, но при этом не спровоцируют паник на всю систему. eBPF в ядре Linux можно закреплять в тысячах хуков (точек перехвата), в качестве которых могут выступать u-пробы, k-пробы, точки трассировки и даже такие штуки как отказы страниц. У eBPF есть целый спектр захватывающих возможностей, которые при этом очень активно разрабатываются. Фичи, поддерживаемые в каждой конкретной версии ядра, перечислены в виде списка по этому адресу .

https://habr.com/ru/companies/timeweb/articles/1022028/

#timeweb_статьи_перевод #ebpf #linux #брандмауэр #mkdir #ядро_linux #tls #интернет #http #программирование

REST API: гайд по проектированию от принципов до боевых кейсов

Проектируете REST API и всё ещё используете 200 OK для ошибок? А знаете, почему неправильные статус-коды могут убить производительность и как всего один кейс с TSB Bank показал цену плохого анализа? В этой статье разбираем реальные принципы REST, модель зрелости Ричардсона.Полезно всем, кто пишет бэкенд или проектирует микросервисы.

https://habr.com/ru/companies/otus/articles/1008370/

#архитектура #REST_API #проектирование_API #HTTP #микросервисы #OpenAPI #статускоды

Как тестировать API прямо в IDE, или почему я больше не использую Postman

Postman используют миллионы разработчиков — и не зря. Удобный интерфейс, коллекции, окружения, командный доступ. О чём еще мечтать? Но если вы большую часть дня проводите в IDE, у этого подхода есть один постоянный friction point: нужно переключаться. Открыть Postman, вспомнить, где нужный запрос, скопировать токен из консоли, вставить руками. Потом вернуться обратно. И так по кругу. В этой статье разберем альтернативный HTTP-клиент, который встроен прямо в IDE и его возможности для тестирования API.

https://habr.com/ru/companies/haulmont/articles/1018588/

#java #spring #openide #httpклиент #тестирование #rest #http #kotlin #автотесты #qa

Как тестировать API прямо в IDE, или почему я больше не использую Postman

Postman используют миллионы разработчиков — и не зря. Удобный интерфейс, коллекции, окружения, командный доступ. О чём еще мечтать? Но если вы большую часть дня проводите в IDE, у этого подхода есть один постоянный friction point: нужно переключаться. Открыть Postman, вспомнить, где нужный запрос, скопировать токен из консоли, вставить руками. Потом вернуться обратно. И так по кругу. В этой статье разберем альтернативный HTTP-клиент, который встроен прямо в IDE и его возможности для тестирования API.

https://habr.com/ru/companies/haulmont/articles/1018588/

#java #spring #openide #httpклиент #тестирование #rest #http #kotlin #автотесты #qa

Как тестировать API прямо в IDE, или почему я больше не использую Postman

Postman используют миллионы разработчиков — и не зря. Удобный интерфейс, коллекции, окружения, командный доступ. О чём еще мечтать? Но если вы большую часть дня проводите в IDE, у этого подхода есть один постоянный friction point: нужно переключаться. Открыть Postman, вспомнить, где нужный запрос, скопировать токен из консоли, вставить руками. Потом вернуться обратно. И так по кругу. В этой статье разберем альтернативный HTTP-клиент, который встроен прямо в IDE и его возможности для тестирования API.

https://habr.com/ru/companies/haulmont/articles/1018588/

#java #spring #openide #httpклиент #тестирование #rest #http #kotlin #автотесты #qa

Как тестировать API прямо в IDE, или почему я больше не использую Postman

Postman используют миллионы разработчиков — и не зря. Удобный интерфейс, коллекции, окружения, командный доступ. О чём еще мечтать? Но если вы большую часть дня проводите в IDE, у этого подхода есть один постоянный friction point: нужно переключаться. Открыть Postman, вспомнить, где нужный запрос, скопировать токен из консоли, вставить руками. Потом вернуться обратно. И так по кругу. В этой статье разберем альтернативный HTTP-клиент, который встроен прямо в IDE и его возможности для тестирования API.

https://habr.com/ru/companies/haulmont/articles/1018588/

#java #spring #openide #httpклиент #тестирование #rest #http #kotlin #автотесты #qa

Model Context Protocol (MCP) je dnes jedním z nejrychleji rostoucích standardů pro integraci LLM modelů s nástroji a servery. Oficiální C# SDK právě dosáhlo stabilní verze 1.0 s plnou podporou specifikace 2025-11-25. Pojďme se podívat, co nového přináší.