Everyone is panicking about AI-generated zero days. They should be paying attention to the other side of the equation. Anthropic recently ...
☁️ Remote Command Execution in Google Cloud with Single Directory Deletion
🤖 Testing AI for Vulnerability Research: 4 Approaches & Where I Failed • 🛠️ Hyoketsu – Solving the Vendor Dependency Problem in RE • 🐧 Sashiko
As part of our CVE monitoring, we came across GHSA-pcq9-mq6m-mvmp (CVE-2025-68402), an authentication bypass in FreshRSS, a self-hosted RSS aggregator. It ...
🔒 IronCurtain: A Personal AI Assistant Built Secure from the Ground Up • 🚥 mitmproxy for fun and profit: Interception and Analysis of Application Traffic • ⛓️💥 Authentication Bypass in pac4j
💻 Browser-Based Port Scanning in the Age of LNA • 🪟 100+ Kernel Bugs in 30 Days • ⛈️ vinext: Vibe-Hacking Cloudflare's Vibe-Coded Next.js Replacement
More and more, with the progress of coding agents, people are rewriting software.And honestly, it looks easy. You write a good ...
🦫 CTFtime.org / justCTF [*] 2020 / Go-fs / Writeup • ☕️ Almost Impossible: Java Deserialization Through Broken Crypto in OpenText Directory Services • 😱 Vulnerability Disclosure: JWT Authentication Bypass in OpenID Connect Authenticator for Tomcat
⨐ Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security • ⚒️ Introducing Augustus: Open Source LLM Prompt Injection Tool • 🤺 When Two Parsers Disagree: Exploiting Query String Differentials for XSS
It all started with a CVE. It feels like it always does 😉. CVE-2025-54887 (CVSS 9.1) disclosed a missing GCM authentication ...
There was a time when certificate management was a constant source of outages. Not because TLS is complicated, and not because ...
With Anthropic's Opus 4.5, Ralph Wiggum Loop and GastOwn, a few people on the bleeding edge of AI-based software development are ...
🤖 Semgrep's Agent Skills • 🤿 Shaking the MCP Tree: A Security Deep Dive • 🤖 Evaluating and mitigating the growing risk of LLM-discovered 0-days