As part of our CVE monitoring, we came across GHSA-pcq9-mq6m-mvmp (CVE-2025-68402), an authentication bypass in FreshRSS, a self-hosted RSS aggregator. It ...
It all started with a CVE. It feels like it always does. CVE-2025-54887 (CVSS 9.1) disclosed a missing GCM authentication ...
TL;DR: You don't need a fresh 0-day to prove you can hack. Break down existing vulnerabilities and security mechanisms instead. You'll ...
Enumeration is where every great hack starts. Our Recon Badge gives you a realistic playground to master those first, crucial steps ...
The Perceived Hierarchy: In the world of offensive security, many people view security research as the ultimate goal, a prestigious badge of ...
When talking with security folks about the benefits of running an internal Capture the Flag (CTF) event or signing developers up ...
I often get asked about pentesting and code review methodologies. It seems like people are hoping for a secret sauce that ...
We recently released a lab on MongoDB IDOR and how to guess ObjectIds. Basically, you need to find the ObjectId of ...
With the new version of the famous OWASP Top 10 on the horizon, it's a great time to talk about its ...
A secure password reset process is a cornerstone of account security for any web application. If not implemented correctly, it can ...
As we gear up for the new year, many of us reflect on how we can improve and grow. For those ...
Bug bounty hunting has become an exciting way to develop security skills, earn some extra income, and contribute to securing applications ...
Web hacking is a domain that rewards curiosity, persistence, and a hands-on approach to learning. To master the intricacies of web ...