Iran is taking cybersecurity awareness month seriously.
Root escalation for PHP-FPM (all nginx PHP and some apache PHP installs) from low privilege users, like www-data!
The QUIC API OpenSSL will not provide https://daniel.haxx.se/blog/2021/10/25/the-quic-api-openssl-will-not-provide/ - my write-up about the current situation.
block tracking cookies in the name of privacy, but actually just block non-google tracking cookies. forcing everyone to advertise through Google, in return getting access to data from chrome and android. Google inserts itself into basically every internet business. chilling.
New browser Sanitizer API removes dangerous content like scripts from HTML. Won't the obvious use case be "user types in comment to news site, onsubmit runs it through sanitizer before upload" in which case "hacker just skips the client-side sanitization"?
so there are magical hidden magic text code shortcuts which just randomly do things and aren't documented or surfaced in the interface, and Sagan help you if you actually WANTED to type '###' as your literally text content
that's not an annoying modern UI trend at all