🤖 AI threats in the wild: The current state of prompt injections on the web • 🪟 Persistence Atlas: 19 Techniques Nobody Talks About • 😳 Securing GitHub: Wiz Research uncovers RCE in GitHub.com
💧 Cross-Site ETag Length Leak • 🛠️ Detect Go's silent arithmetic bugs with go-panikint • 💎 Ruby Array Pack Bleed
A quieter week that perfectly fits the two deep dives! 📚 ORM Leaking More Than You Joined For The latest opus ...
SAML bypasses & LLM-assisted crash triage. 🔒 The Fragile Lock: Novel Bypasses for SAML Authentication Ruby SAML falls again. An extraordinary ...
WAF bypasses, CVE research & constant-time crypto. ⏰ Introducing constant-time support for LLVM to protect cryptographic code Trail of Bits explains ...
Articles worth reading discovered last week. This week feels like a giant "how to find your own CVE"... 🤖 An Evening ...
Android, Request Smuggling and Markdown Sanitizer! 📸 Pixnapping Attack It has been a while since the last vulnerability with its own ...
Busy week: Android, Django and MCP! 🤖 Runtime Android Object Instrumentation A great write-up on runtime instrumentation for Android using SQLite ...
Passports, Wi-Fi and AI-SAST! 🛂 The cryptography behind electronic passports A great write-up on the security of electronic passports using a ...
Another great week! 🧠 CSP Bypass Search What if there was a place you could copy/paste a CSP policy and instantly ...
Security code review doesn't have to be intimidating. In Go codebases, certain patterns appear repeatedly. These mistakes are easy to spot ...
AI, AI, SSRF-XSLT! 🤖 Building the Leading Open-Source Pentesting Agent: Architecture Lessons from XBOW Benchmark The latest write-up on how to ...
ADB and JWT, a quiet but interesting week! 🚙 Technical Advisory: Tesla Telematics Control Unit - ADB Auth Bypass Learn how ...