PentesterLab's Blog: Insights, weekly research highlights, and deep dives into web security, code review, and pentesting.

RSS
Filter: All Research APPSEC AuthZ CAREER Code Review Insight JWT PENTESTING
Weekly Research

Research Worth Reading - Week 14, 2026

✨ ImageMagick: From Arbitrary File Read to File Write In Every Policy β€’ πŸ§‘πŸ»β€πŸ’» Leveling Up Secure Code Reviews with Claude Code β€’ πŸ€– Vulnerability Research Is Cooked

PentesterLab Apr 13, 2026
Weekly Research

Research Worth Reading - Week 13, 2026

☁️ Remote Command Execution in Google Cloud with Single Directory Deletion

PentesterLab Mar 29, 2026
Weekly Research

Research Worth Reading - Week 12, 2026

πŸ€– Testing AI for Vulnerability Research: 4 Approaches & Where I Failed β€’ πŸ› οΈ Hyoketsu – Solving the Vendor Dependency Problem in RE β€’ 🐧 Sashiko

PentesterLab Mar 22, 2026
Weekly Research

Research Worth Reading - Week 10, 2026

πŸ”’ IronCurtain: A Personal AI Assistant Built Secure from the Ground Up β€’ πŸš₯ mitmproxy for fun and profit: Interception and Analysis of Application Traffic β€’ ⛓️‍πŸ’₯ Authentication Bypass in pac4j

PentesterLab Mar 8, 2026
Weekly Research

Research Worth Reading - Week 9, 2026

πŸ’» Browser-Based Port Scanning in the Age of LNA β€’ πŸͺŸ 100+ Kernel Bugs in 30 Days β€’ β›ˆοΈ vinext: Vibe-Hacking Cloudflare's Vibe-Coded Next.js Replacement

PentesterLab Mar 1, 2026
Weekly Research

Research Worth Reading - Week 8, 2026

🦫 CTFtime.org / justCTF [*] 2020 / Go-fs / Writeup β€’ β˜•οΈ Almost Impossible: Java Deserialization Through Broken Crypto in OpenText Directory Services β€’ 😱 Vulnerability Disclosure: JWT Authentication Bypass in OpenID Connect Authenticator for Tomcat

PentesterLab Feb 22, 2026
Weekly Research

Research Worth Reading - Week 7, 2026

⨐ Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security β€’ βš’οΈ Introducing Augustus: Open Source LLM Prompt Injection Tool β€’ 🀺 When Two Parsers Disagree: Exploiting Query String Differentials for XSS

PentesterLab Feb 16, 2026
Weekly Research

Research Worth Reading - Week 6, 2026

πŸ€– Semgrep's Agent Skills β€’ 🀿 Shaking the MCP Tree: A Security Deep Dive β€’ πŸ€– Evaluating and mitigating the growing risk of LLM-discovered 0-days

PentesterLab Feb 8, 2026
Weekly Research

Research Worth Reading Week 05/2026

πŸͺŸ Corrupting the Hive Mind: Persistence Through Forgotten Windows Internals β€’ ␛ On the clock: Escaping VMware Workstation at Pwn2Own Berlin 2025 β€’ πŸͺ² Insecure Defaults Detection

PentesterLab Feb 2, 2026
Weekly Research

Research Worth Reading Week 04/2026

🀯 On the Coming Industrialisation of Exploit Generation with LLMs β€’ 🚨 Cloudflare Zero-day: Accessing Any Host Globally β€’ πŸ€– Claude Magic String Denial of Service

PentesterLab Jan 26, 2026
Weekly Research

Research Worth Reading Week 03/2026

πŸ€– AI models are showing a greater ability to find and exploit vulnerabilities on realistic cyber ranges β€’ πŸ΄β€β˜ οΈ Pwning Claude Code in 8 Different Ways β€’ πŸ” The State of OpenSSL for pyca/cryptography

PentesterLab Jan 18, 2026
Weekly Research

Research Worth Reading Week 01/2026

πŸ’§ Cross-Site ETag Length Leak β€’ πŸ› οΈ Detect Go's silent arithmetic bugs with go-panikint β€’ πŸ’Ž Ruby Array Pack Bleed

PentesterLab Jan 6, 2026