π€ AI threats in the wild: The current state of prompt injections on the web β’ πͺ Persistence Atlas: 19 Techniques Nobody Talks About β’ π³ Securing GitHub: Wiz Research uncovers RCE in GitHub.com
π The zero-days are numbered β’ π High-Quality Chaos β’ πͺ‘ Needle in the haystack: LLMs for vulnerability research
Back when I worked in appsec, I wrote the same tool twice for two different companies. Both times it was a ...
π€ Lessons Learned From RITSEC CTF β’ πΌ Fail Open, Game Over: Turning a One-Line Tomcat Fix into Unauthenticated RCE β’ π€ I Let Claude Opus Write a Chrome Exploit
πΎ GDDRHammer and GeForge: GPU Rowhammer Now Achieves Full System Compromise β’ π€ Assessing Claude Mythos Previewβs cybersecurity capabilities
β¨ ImageMagick: From Arbitrary File Read to File Write In Every Policy β’ π§π»βπ» Leveling Up Secure Code Reviews with Claude Code β’ π€ Vulnerability Research Is Cooked
Everyone is panicking about AI-generated zero days. They should be paying attention to the other side of the equation. Anthropic recently ...
βοΈ Remote Command Execution in Google Cloud with Single Directory Deletion
π€ Testing AI for Vulnerability Research: 4 Approaches & Where I Failed β’ π οΈ Hyoketsu β Solving the Vendor Dependency Problem in RE β’ π§ Sashiko
As part of our CVE monitoring, we came across GHSA-pcq9-mq6m-mvmp (CVE-2025-68402), an authentication bypass in FreshRSS, a self-hosted RSS aggregator. It ...
π IronCurtain: A Personal AI Assistant Built Secure from the Ground Up β’ π₯ mitmproxy for fun and profit: Interception and Analysis of Application Traffic β’ βοΈβπ₯ Authentication Bypass in pac4j
π» Browser-Based Port Scanning in the Age of LNA β’ πͺ 100+ Kernel Bugs in 30 Days β’ βοΈ vinext: Vibe-Hacking Cloudflare's Vibe-Coded Next.js Replacement
More and more, with the progress of coding agents, people are rewriting software.And honestly, it looks easy. You write a good ...