As part of our CVE monitoring, we came across GHSA-pcq9-mq6m-mvmp (CVE-2025-68402), an authentication bypass in FreshRSS, a self-hosted RSS aggregator. It ...
In every field, people eventually hit plateaux in their progression. Security code review is no different. In this article, we explore ...
Tell a bit more about yourself? My name is Ryan Montgomery, also known in the cybersecurity world as 0day. I’ve been ...
JSON Web Tokens (JWT) are widely used for authentication in modern applications. As their use increases, so does the importance of ...
In this blog post, we are going to cover a strategy to help you get a job as a pentester or ...
Too often (myself included), savvy code reviewers recommend getting started with code review by “just reading code”, and that is ...
I recently found a small issue in some TLS clients. More precisely, it is more of a difference between what happens ...
After reading this blog post on a bug in Github and Unicode, I started playing more and more with Unicode (even ...
Every week, our Twitter account @PentesterLab publishes a list of articles worth reading. This is the list of all the articles for ...
For a long time, I have been looking at solving a simple problem: be more efficient when scaling vulnerability research/bug hunting. ...
When building a Capture-The-Flag (for a conference), you need to have a good mix of very easy challenges and very hard ...
One common piece of advice when trying to improve security at scale is to invest in QA. In this article, we ...
Since it’s something I’m really passionate about, I have decided to spend more time writing about application security at scale. Today ...