PentesterLab's Blog: Insights, weekly research highlights, and deep dives into web security, code review, and pentesting.

How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit

As part of our CVE monitoring, we came across GHSA-pcq9-mq6m-mvmp (CVE-2025-68402), an authentication bypass in FreshRSS, a self-hosted RSS aggregator. It ...

By Louis Nyffenegger March 10, 2026 · 10 min read

Filter: All Research APPSEC AuthZ CAREER Code Review Insight JWT PENTESTING

Research Worth Reading Week 28/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Jul 14, 2025 · 1 min read

Research Worth Reading Week 25/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Jun 23, 2025 · 2 min read

Research Worth Reading Week 24/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Jun 15, 2025 · 2 min read

PENTESTING CAREER

Demonstrate Your Hacking Skills with N-Day Analysis & Security-Mechanism Deep Dives

TL;DR: You don’t need a fresh 0-day to prove you can hack. Break down existing vulnerabilities and security mechanisms instead. You’ll ...

Louis Nyffenegger Jun 9, 2025 · 5 min read

Research Worth Reading Week 23/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Jun 9, 2025 · 1 min read

PENTESTING

Sharpen Your Recon Skills for Free: Claim Our Free Recon Badge Today

Enumeration is where every great hack starts. Our Recon Badge gives you a realistic playground to master those first, crucial steps ...

PentesterLab Jun 3, 2025 · 5 min read

Research Worth Reading Week 22/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Jun 1, 2025 · 1 min read

Research Worth Reading Week 21/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab May 25, 2025 · 1 min read

Research Worth Reading Week 20/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab May 18, 2025 · 1 min read

Research Worth Reading Week 19/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab May 11, 2025 · 1 min read

JWT

The Ultimate Guide to JWT Vulnerabilities and Attacks (with Exploitation Examples)

JSON Web Tokens (JWTs) are widely used for authentication, authorization, and secure information exchange in modern web applications. They're often used ...

Louis Nyffenegger May 5, 2025 · 33 min read

Research Worth Reading Week 18/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab May 4, 2025 · 1 min read