26 Jan 2026

LLMs, WAF Bypass, LLMs...

🤯 On the Coming Industrialisation of Exploit Generation with LLMs
1

A great article, definitely worth a read. It’s also worth looking through the linked GitHub repository to learn a few tricks On the Coming Industrialisation of Exploit Generation with LLMs.

🚨 Cloudflare Zero-day: Accessing Any Host Globally
0

It feels like /.well-known/ isn’t that well known by WAFs… What I really like about this post is that it highlights one of the key tricks for finding vulnerabilities: “What routine tasks may open a security hole.” Cloudflare Zero-day: Accessing Any Host Globally.

🤖 Claude Magic String Denial of Service
0

I initially saw that trick on LinkedIn, but this article gets into much more detail. The magic string that "breaks" Claude Claude Magic String Denial of Service.

🤖 AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent
1

GitHub Security Lab explains how they built an LLM taskflow system to triage CodeQL alerts: small, repeatable tasks, stored intermediate state, MCP tools for deterministic checks, and GitHub Issues as review checkpoints AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent.

📬 Never Miss Quality Security Research

Get these curated picks delivered to your inbox every week:

  • Hand-picked vulnerability research
  • Practical security insights
  • CVE deep-dives worth your time
  • No fluff, just signal
Subscribe for Free →
Photo of PentesterLab
PentesterLab
The platform to learn web hacking and security code review
X LinkedIn
Related Posts