Research Worth Reading Week 10/2025

Published: 09 Mar 2025

Ruby Gadget, TOCTOU in C# and deserialisation ...

💎 New Method to Leverage Unsafe Reflection and Deserialisation to RCE on Rails

Great post from Elttam on a new Ruby on Rails deserialisation gadget they discovered: New Method to Leverage Unsafe Reflection and Deserialisation to RCE on Rails.

Understanding and Mitigating TOCTOU Vulnerabilities in C# Applications

A great article on Time-of-Check to Time-of-Use (TOCTOU) race conditions in C#: Understanding and Mitigating TOCTOU Vulnerabilities in C# Applications.

🪲 Sitecore: Unsafe Deserialisation Again! (CVE-2025-27218)

The AssetNote team published their first write-up in their new home: Sitecore: Unsafe Deserialisation Again! (CVE-2025-27218). Time to update your bookmarks...

Written by PentesterLab
The platform to learn web hacking and security code review