PentesterLab's Blog: Insights, weekly research highlights, and deep dives into web security, code review, and pentesting.

RSS
Filter: All Research APPSEC AuthZ CAREER Code Review Insight JWT PENTESTING
Weekly Research

Research Worth Reading - Week 10, 2026

🔒 IronCurtain: A Personal AI Assistant Built Secure from the Ground Up • 🚥 mitmproxy for fun and profit: Interception and Analysis of Application Traffic • ⛓️‍💥 Authentication Bypass in pac4j

PentesterLab Mar 8, 2026
Weekly Research

Research Worth Reading - Week 9, 2026

💻 Browser-Based Port Scanning in the Age of LNA • 🪟 100+ Kernel Bugs in 30 Days • ⛈️ vinext: Vibe-Hacking Cloudflare's Vibe-Coded Next.js Replacement

PentesterLab Mar 1, 2026
Weekly Research

Research Worth Reading - Week 8, 2026

🦫 CTFtime.org / justCTF [*] 2020 / Go-fs / Writeup • ☕️ Almost Impossible: Java Deserialization Through Broken Crypto in OpenText Directory Services • 😱 Vulnerability Disclosure: JWT Authentication Bypass in OpenID Connect Authenticator for Tomcat

PentesterLab Feb 22, 2026
Weekly Research

Research Worth Reading - Week 7, 2026

⨐ Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security • ⚒️ Introducing Augustus: Open Source LLM Prompt Injection Tool • 🤺 When Two Parsers Disagree: Exploiting Query String Differentials for XSS

PentesterLab Feb 16, 2026
Weekly Research

Research Worth Reading - Week 6, 2026

🤖 Semgrep's Agent Skills • 🤿 Shaking the MCP Tree: A Security Deep Dive • 🤖 Evaluating and mitigating the growing risk of LLM-discovered 0-days

PentesterLab Feb 8, 2026
Weekly Research

Research Worth Reading Week 05/2026

🪟 Corrupting the Hive Mind: Persistence Through Forgotten Windows Internals • ␛ On the clock: Escaping VMware Workstation at Pwn2Own Berlin 2025 • 🪲 Insecure Defaults Detection

PentesterLab Feb 2, 2026
Weekly Research

Research Worth Reading Week 04/2026

🤯 On the Coming Industrialisation of Exploit Generation with LLMs • 🚨 Cloudflare Zero-day: Accessing Any Host Globally • 🤖 Claude Magic String Denial of Service

PentesterLab Jan 26, 2026
Weekly Research

Research Worth Reading Week 03/2026

🤖 AI models are showing a greater ability to find and exploit vulnerabilities on realistic cyber ranges • 🏴‍☠️ Pwning Claude Code in 8 Different Ways • 🔐 The State of OpenSSL for pyca/cryptography

PentesterLab Jan 18, 2026
Weekly Research

Research Worth Reading Week 01/2026

💧 Cross-Site ETag Length Leak • 🛠️ Detect Go's silent arithmetic bugs with go-panikint • 💎 Ruby Array Pack Bleed

PentesterLab Jan 6, 2026