AI browsers remain vulnerable to prompt injection attacks via screenshots and hidden content, allowing attackers to exploit users' authenticated sessions.

Walkthrough of how to embed frida noscripts in apps to distribute proper mods. Supports frida 17+.

A detailed account of how my personal AWS account was compromised, the attack timeline, and lessons learned from a cloud security incident.

After a major takedown, LockBit is back with version 5.0, targeting Windows, Linux, and ESXi systems worldwide. Check Point Research reveals new victims.

Edera uncovers TARmageddon (CVE-2025-62518), a Rust async-tar RCE flaw exposing the real dangers of open-source abandonware and supply chain security.

Adversis releases a Burp Extension for NextJS Hash-to-Function Mapping

In June, 2025, Shubs Shah and I discovered a vulnerability in the online poker website ClubWPT Gold which would have allowed an attacker to fully access the core back office application that is used for all administrative site functionality.

Hack, Learn, Improve… Platform to learn cyber security with real world challenges

EDR-Redir uses BindLink Filter and Windows Cloud Filter to inject, corrupt, and disable EDRs.

Posted by reallylonguserthing - 27 votes and 2 comments

CoPhish attack exploits Microsoft Copilot Studio to steal OAuth tokens through malicious AI agents targeting Microsoft Entra ID accounts.

Sometimes you search endlessly and find nothing. Other times, the gold just drops into your lap. This is a story about how we accidentally found a pretty impactful vulnerability.

Vibecoding is fast, but it is secure? We tested current state of the art LLM models against a common security task, namely the MFA implemented in your applications.

Daily updated CVE summaries with CVSS and CWE tags. Latest update: 2025-12-03T14:15:48.680.

Introduction LLVM compiler infrastructure is powerful because of its modular design, flexibility, and rich intermediate representation (IR) that enables deep analysis and transformation of code. Unlike traditional compilers, LLVM separates...

CVE-2025-9152, CVE-2025-10611, and CVE-2025-9804 are critical authentication bypass and privilege escalation vulnerabilities I discovered in WSO2 API Manager and WSO2 Identity Server.

CVE-2025-2905 is a blind XXE vulnerability in WSO2 API Manager and other WSO2 products dependent on WSO2-Synapse.

We are releasing Brida 0.6 that supports Frida 17, which introduced some breaking change in its API.