As part of our CVE monitoring, we came across GHSA-pcq9-mq6m-mvmp (CVE-2025-68402), an authentication bypass in FreshRSS, a self-hosted RSS aggregator. It ...
π€― On the Coming Industrialisation of Exploit Generation with LLMs β’ π¨ Cloudflare Zero-day: Accessing Any Host Globally β’ π€ Claude Magic String Denial of Service
I didn't know Harbour even existed as a language when I found this bug. The fun part is that I also ...
π€ AI models are showing a greater ability to find and exploit vulnerabilities on realistic cyber ranges β’ π΄ββ οΈ Pwning Claude Code in 8 Different Ways β’ π The State of OpenSSL for pyca/cryptography
π§ Cross-Site ETag Length Leak β’ π οΈ Detect Go's silent arithmetic bugs with go-panikint β’ π Ruby Array Pack Bleed
A quieter week that perfectly fits the two deep dives! π ORM Leaking More Than You Joined For The latest opus ...
SAML bypasses & LLM-assisted crash triage. π The Fragile Lock: Novel Bypasses for SAML Authentication Ruby SAML falls again. An extraordinary ...
WAF bypasses, CVE research & constant-time crypto. β° Introducing constant-time support for LLVM to protect cryptographic code Trail of Bits explains ...
Articles worth reading discovered last week. This week feels like a giant "how to find your own CVE"... π€ An Evening ...
Android, Request Smuggling and Markdown Sanitizer! πΈ Pixnapping Attack It has been a while since the last vulnerability with its own ...
Busy week: Android, Django and MCP! π€ Runtime Android Object Instrumentation A great write-up on runtime instrumentation for Android using SQLite ...
Passports, WIFI and AI-SAST! π The cryptography behind electronic passports A great write-up on the security of electronic passports using a ...
Another great week! π§ CSP Bypass Search What if there was a place you could copy/paste a CSP policy and instantly ...