"Although the term "zero-day" initially referred to the time since the vendor had become aware of the vulnerability, zero-day vulnerabilities can also be defined as the subset of vulnerabilities for which no patch or other fix is available." - Source: https://en.wikipedia.org/wiki/Zero-day_vulnerability
Martin Vigo's article discusses the security vulnerabilities in password reset options for various websites and how these can lead to the exposure of personal phone numbers. Vigo highlights that during a password reset process, websites often partially reveal the user's phone number. This partial display varies across websites; some show the last four digits, others the first, and so on. By initiating password resets across different sites, one can potentially piece together most of the digits of a phone number just from an email address.
It is, but it was proofread by a human with expertise in the domain, and honestly I wouldn't have done better in such a short amount of words. If someone wants to know more they'd better read the article, which I did to make sure the generated text wasn't bullcrap :)
If you are using an up-to-date version of Firefox, Edge or Chrome, it defaults to Lax. The exceptions are Safari, IE and Safari for iOS. I don't think this is worth an 8.1 CVSS.
An example would be to be able to read source code in different languages (Java, PHP, JavaScript, C#) and be able to identify, chain vulnerabilities and write an exploit script to automate everything.
I would not recommend OSWE to learn appsec since it is teaching "Advanced Web Attacks" and assumes that you know the basics.
Something that is really interesting, I think, is the whitebox approach that some people in infosec might be missing if they don't come from a developer background and never bothered looking at the code introducing the vulnerabilities.
If the target is an IoT device, the vulnerability will likely be mass exploited to create a botnet.
The U.S. government recently ‘took control’ of a botnet run by Chinese government hackers made of 260,000 Internet of Things devices... (Source: https://techcrunch.com/2024/09/18/u-s-government-took-contro...)