Do you find consistent use of "security.txt" on web servers?
After too many years of running web servers I've been doing a curiosity review of web server log files to gather a list of common exploit attempts. Among the many common patterns found so far, there are consistent hits for the file "/.well-known/security.txt" or simply "/security.txt". (It is a text
ORIGINAL SOURCE →via Reddit r/cybersecurity
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] GHSA-9J88-VVJ5-VHGR: GHSA-9j88-vvj5-vhgr: STARTTLS Response Injection and SASL Downgrade in MailKit
- [CYBER] Apple account change alerts abused to send phishing emails
- [CYBER] Vercel Says Internal Systems Hit in Breach
- [CYBER] Vercel Says Internal Systems Hit in Breach
- [CYBER] Three Vulnerabilities That Quietly Rewrote the Threat Model in 2025
- [CYBER] Found and reported a Second-Order SQL Injection in mailcow (CVE-2026-40871) – High severity