As part of our CVE monitoring, we came across GHSA-pcq9-mq6m-mvmp (CVE-2025-68402), an authentication bypass in FreshRSS, a self-hosted RSS aggregator. It ...
As we gear up for the new year, many of us reflect on how we can improve and grow. For those ...
Bug bounty hunting has become an exciting way to develop security skills, earn some extra income, and contribute to securing applications ...
My friend Luke recently published a great blog post titled: The Ruby on Rails _json Juggling Attack. Please make sure you ...
I've read the source code of many JWT libraries—some might say, too many. In doing so, I've seen patterns of both ...
After my recent article on CORS Vulnerabilities in Go: Vulnerable Patterns and Lessons, I started exploring similar issues in Rust. Interestingly, ...
If you read this blog regularly, you know that I like looking at CVEs. I do that to create labs and ...
When talking with aspiring hackers, bug bounty hunters, or application security engineers, it often feels that there’s some misunderstanding around encoding. ...
Web hacking is a domain that rewards curiosity, persistence, and a hands-on approach to learning. To master the intricacies of web ...
If you want to take your web skills to the next level, one tool you really need to master is curl. ...