@shellsharks Hey, do you happen to know of any #IndieSec webrings? 👀

Just posted my new article on another client-side remote code execution bug I found in Google Web Designer back in February, tracked as CVE-2025-4613, fixed in an April release. Enjoy the write-up!

https://bm.gy/gwdrce2

#Cybersecurity #Security #InfoSec #IndieSec #Vulnerability #CVE

New article with many personal firsts:
- First bug on Google's Vulnerability Reward Program
- First remote code execution bug
- First 5-figure bug bounty
- First CVE

What a ride.

https://bm.gy/gwdrce

#Cybersecurity #InfoSec #Security #Vulnerability #BugBounty #IndieSec #IndieWeb #SmallWeb

Ok, I scrambled and am getting the v1 of this Fedi-native starter pack out. Here is my “#IndieSec" #starterpack.

https://fedidevs.com/s/MjQ/

It features #infosec / #cybersecurity folks that are active here. No corpo accounts, no bots, no influencers.

I KNOW I've missed people, so ping me if you want to be added. Or just post something as you usually would and Ill probably grab ya. If you want to be removed, ping me. The list maxes at 150 so eventually I'll have to start a sequel pack.

@tchambers @stefan I've been toying with a bunch of "starter pack” ideas for a while now...

- The #fediroll: https://shellsharks.com/notes/2024/04/22/fediroll (https://shellsharks.social/@shellsharks/112316258053751977)
- My Masto "Starter Pack": https://shellsharks.com/notes/2023/10/20/infosec-mastodon-starter-pack
- The #indiesec #mammoth "Smart List” (and .csv export) https://shellsharks.com/notes/2024/03/21/mammoth-indiesec-smart-list (admittedly I need to udpate this)
- Fedi Power-boosters: https://shellsharks.com/notes/2024/03/26/power-boosters-of-the-fediverse
- Fedi artists: https://shellsharks.com/notes/2024/08/30/favorite-fedi-artists
- Fav bots: https://shellsharks.com/notes/2024/01/06/bots-in-space
- Cool instance accounts: https://shellsharks.com/notes/2024/03/29/the-whimsical-corners-of-the-fediverse

If you are in #infosec / #cybersecurity and looking for an easier way to follow interesting infosec accounts that are relatively high signal-to-noise without having to scour the Fediverse, consider checking out the #mammoth Mastodon client and subscribing to the new #indiesec Smart List! Smart Lists are a unique feature pioneered by Mammoth which offers curated lists of accounts in a number of different subject areas.

To start, the IndieSec Smart List (curated by yours truly) features 50 independent security researchers /professionals across many infosec sub-disciplines. I will continue to maintain this list and add new accounts in the coming weeks (I have a whole backlog of accounts I'd like to see added). Over time, this list will seek to feature many accounts that are lower-volume, but high-quality in terms of content. Surfacing harder-to-find accounts (by doing hours of scrolling and curation) is one more way we as a community are improving #discoverability across the network.

Thanks to the @mammoth team and @bart for working with me on this new list. If you have any questions about the list feel free to drop me a message!

Edit: I should add - you can see everyone who is featured on this list here https://github.com/shellsharks/assorted/blob/master/resources/mammoth-indiesec.csv. When new accounts are added, they too will be represented there.