Research Worth Reading - Week 8, 2026

Published: 22 Feb 2026

Java x2, Go, JWT and a sprinkling of AI

🦫 CTFtime.org / justCTF [*] 2020 / Go-fs / Writeup

A cool Golang quirk via an unintended CTF solution: CTFtime.org / justCTF [*] 2020 / Go-fs / Writeup.

â˜•ī¸ Almost Impossible: Java Deserialization Through Broken Crypto in OpenText Directory Services

What an adventure in Java Deserialisation... Almost Impossible: Java Deserialization Through Broken Crypto in OpenText Directory Services. 1

😱 Vulnerability Disclosure: JWT Authentication Bypass in OpenID Connect Authenticator for Tomcat

The exact same vulnerability I found in HarbourJWT, but in a much cooler target, still not fixed: Vulnerability Disclosure: JWT Authentication Bypass in OpenID Connect Authenticator for Tomcat.

â˜•ī¸ CVE-2026-0603: Second-Order SQL Injection in Hibernate UPDATE/DELETE (InlineIdsOrClauseBuilder)

A bit of a stretch but an interesting insight into Hibernate: CVE-2026-0603: Second-Order SQL Injection in Hibernate UPDATE/DELETE (InlineIdsOrClauseBuilder). 0

🤖 Using threat modeling and prompt injection to audit Comet

The team at Trail of Bits is sharing some key learnings from their audit of Comet (an AI browser): Using threat modeling and prompt injection to audit Comet.

Written by PentesterLab
The platform to learn web hacking and security code review