22 Feb 2026

Java x2, Go, JWT and a sprinkling of AI

🦫 CTFtime.org / justCTF [*] 2020 / Go-fs / Writeup
1

A cool Golang quirk via an unintended CTF solution CTFtime.org / justCTF [*] 2020 / Go-fs / Writeup.

☕️ Almost Impossible: Java Deserialization Through Broken Crypto in OpenText Directory Services
2

What an adventure in Java Deserialisation... Almost Impossible: Java Deserialization Through Broken Crypto in OpenText Directory Services.

😱 Vulnerability Disclosure: JWT Authentication Bypass in OpenID Connect Authenticator for Tomcat
3

The exact same vulnerability I found in HarbourJWT but in a much cooler target, still not fixed... Vulnerability Disclosure: JWT Authentication Bypass in OpenID Connect Authenticator for Tomcat.

☕️ CVE-2026-0603: Second-Order SQL Injection in Hibernate UPDATE/DELETE (InlineIdsOrClauseBuilder)
1

A bit of a stretch but an interesting insight into Hibernate: CVE-2026-0603: Second-Order SQL Injection in Hibernate UPDATE/DELETE (InlineIdsOrClauseBuilder).

🤖 Using threat modeling and prompt injection to audit Comet
2

The team at Trail of Bits is sharing some key learnings from their audit of Comet (AI browser) Using threat modeling and prompt injection to audit Comet.

📬 Never Miss Quality Security Research

Get these curated picks delivered to your inbox every week:

  • Hand-picked vulnerability research
  • Practical security insights
  • CVE deep-dives worth your time
  • No fluff, just signal
Subscribe for Free →
Photo of PentesterLab
PentesterLab
The platform to learn web hacking and security code review
X LinkedIn
Related Posts