We audited Pornhub, then PHP and broke both. In particular, we have gained remote code execution on pornhub.com and have earned a $20,000 bug bounty.

Bug Bounty Hunting from Pentest View, and How to Find Remote Code Execution and Someone's Backdoor on Facebook Server...

The TECHx team consists of leading software analysis experts from GrammaTech, Inc. and the University of Virginia. The team is led by Dr. David Melski (PI) a...

First, I'm sorry about reporting another WordPress bug (my intention was just to check if WP-OneLogin stores any sensitive info that could be used to attack OneLogin on your other...

I think there's a problem with missing HTML encoding of attachment file names. A user with the capability to create attachments could compromise other accounts including administrator by injecting...

WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.2 and earlier are affec…

Vulnerability Lab has realised a new security note Facebook User ID Bypass Issue