Replying to @gokulnk
Your website has clickjacking idk why I wanted to contact you but couldn't find contact details. My Signal: samueldashadrach.02
Ripe Avocado retweeted
🕵️‍♂️🔍🛠️ Ghost Eye | 14 recon and footprinting modules in a single Python menu: DNS Lookup, Whois, Nmap Port Scan, Clickjacking Test (X-Frame-Options), CMS Detection, Crawler Robots.txt, Certificate Transparency and more. #OSINT #EthicalHacking #Pentest #Cybersecurity #Python #Recon
Replying to @STACCoverflow
Just my two cents. YOU'RE WELCOME Hardening Improvements Protection No website application firewall detected. Please install a cloud-based WAF to prevent website hacks and DDoS attacks. Security Headers Missing security header for ClickJacking Protection. Alternatively, you can use Content-Security-Policy: frame-ancestors 'none'. Missing security header to prevent Content Type sniffing. Missing Content-Security-Policy directive. We recommend to add the following CSP directives (you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src
An attacker registers a domain that visually resembles a legitimate company’s website using similar-looking Unicode characters. What type of attack is this? A. ARP Spoofing B. Homograph Attack C. Clickjacking D. DNS Amplification
Jack (told/you/so) retweeted
👨🏻‍💻 Did you know that it’s possible to perform RCE in Internet Explorer via clickjacking? Igor Sak-Sakovsky's (@Psych0tr1a) new article will explain how! swarm.ptsecurity.com/the-cli…
built HeaderGuard — paste any URL, instant HTTP security report free, no signup → header-scanner-e3s2.vercel.a… #webdev #appsec HTTP headers = first line of defence for any website missing one can expose you to XSS, clickjacking and more small config, big impact
An attacker publishes a package called “reqeust” hoping developers install it instead of “request”. What type of attack is this? A. Dependency Confusion B. Typosquatting C. DLL Hijacking D. Clickjacking
@AskVenice might be worth doing a DNS security audit and also disallowing embedding of your site via iframe. there was someone in your replies yesterday that was able to use a venice.ai domain as a redirect to a spam site. clickjacking could also be a concern.
Andre Gironda retweeted
Jun 9
🖥 RCE via Clickjacking in Internet Explorer A researcher from the PT SWARM team describes a chain of vulnerabilities in Internet Explorer and its WebBrowser component that enables remote code execution via clickjacking. The core issue lies in the fact that Internet Explorer allows interaction with local files ("file://") from the "http://localhost" context, as well as in the behavior of ActiveX components (e.g., "Shell.Explorer.2"). The exploitation combines XSS and clickjacking: an attacker places an invisible iframe (e.g., pointing to an SMB share or archive) that follows the user’s cursor. As a result, user clicks are effectively redirected to a hidden element, triggering execution of a file (for example, from a ZIP archive). Despite the presence of security prompts, the chain can be escalated to RCE with just a few clicks, and in some scenarios without additional restrictions when interacting with local resources. 📎 Article: swarm.ptsecurity.com/the-cli… #dbugs_attacks