Research Worth Reading Week 36/2025

Published: 08 Sep 2025

A good mix of everything to please everyone: CVEs, AI, Integrity Bypass and Unicode

🛠 ksmbd - Fuzzing Improvements and Vulnerability Discovery (2/3)

The Doyensec team is following up on their research against ksmbd. It’s raining CVEs! https://blog.doyensec.com/2025/09/02/ksmbd-2.html

🔐 Subverting Code Integrity Checks to Locally Backdoor Signal, 1Password, Slack, and More

Another great post from the Trail of Bits team on attacking code integrity in Electron-based applications: https://blog.trailofbits.com/2025/09/03/subverting-code-integrity-checks-to-locally-backdoor-signal-1password-slack-and-more/

📰 In4m: Keeping up with the Latest Infosec News

The Kulkan team just released a new tool to help you keep up with the Kardashian^wlatest infosec news: https://blog.kulkan.com/in4m-keeping-up-with-the-latest-infosec-news-ff4a045cf8a9

🤖 Executive Offense - Building AI Hackbots, Part 1

A great post from Jason Haddix’s newsletter on how to build Hackbots: https://executiveoffense.beehiiv.com/p/ai-hackbots-part-1

🍪 Cookie Chaos: How to Bypass __Host and __Secure Cookie Prefixes

A great post on bypassing __Host cookies by leveraging Unicode: https://portswigger.net/research/cookie-chaos-how-to-bypass-host-and-secure-cookie-prefixes

Photo of PentesterLab
Written by PentesterLab
The platform to learn web hacking and security code review
Related Blog Post