04 May 2026

The consensus seems to be: models don't matter...

A quick list of indirect prompt injection examples Google came across: AI threats in the wild: The current state of prompt injections on the web.

A great list of persistence methods for AD and Windows: Persistence Atlas: 19 Techniques Nobody Talks About.

RCE on github.com using a single git push: Securing GitHub: Wiz Research uncovers RCE in GitHub.com.

Niels Provos leveraging IronCurtain (and its vuln-discovery workflow) to find vulnerabilities: Finding Zero-Days with Any Model.

A great write-up from liveoverflow on why small models may be a better solution: Why Mythos doesn't matter (for us).

It's rare to see this level of detail in a blog post. Too Long, Must Read: HAProxy HTTP/3 -> HTTP/1 Desync: Cross-Protocol Smuggling via a Standalone QUIC FIN (CVE-2026-33555).

PentesterLab
The platform to learn web hacking and security code review