Discover how Bot-Delegated TOCTOU vulnerabilities in GitHub Apps can compromise CI/CD pipelines, with detailed case studies and hardening strategies.

Unlike black-box AI SOC tools, Digital Security Teammates from Secure.com deliver 70% less manual work with full transparency.

Welcome to watchTowr vs the Internet, part 68.

That feeling you’re experiencing? Dread. You should be used to it by now.

As is fast becoming an unofficial and, apparently, frowned upon tradition - we identified incredible amounts of publicly exposed passwords…

You can be a successful security researcher without knowing much about math. But if you want to see the matrix, you need to get…

Learn how to perform and understand lateral mouvement though GPO mechanism during pentest and red team assessments.

This blog post explores a bug, (CVE-2025-64755), I found while trying to find a command execution primitive within Claude Code to demonstrate the risks of web-hosted MCP to a client.

This blog post provides a dive into HTTP/3’s evolution for security engineers, an overview of our research journey, and what led us to develop the open-source tool QuicDraw, which can be used for...

Enterprise-grade client-side vulnerability analysis engine

Posted by S3cur3Th1sSh1t - 4 votes and 1 comment

An introduction to DASVS - a security standard designed to strengthen desktop application protection across Windows, macOS, and Linux.

Our AI AppSec Agent discovered an unauthenticated DoS vulnerability that crashes a self-hosted Next.js server with a single HTTP request and negligible resources.

Posted by gabriele70 - 0 votes and 0 comments

Learn syntax confusion techniques using filename*, file://host:port, and PHP parse_url to bypass filters, poison caches and escalate SSRF.

Abusing Write Path Traversal for Living Off the Land Remote Code Execution

This post reconstructs how sanctioned Bulletproof Hoster Media Land’s internal platform organised users, subnoscriptions, and address space, based on a leaked ...

CAI using MCP, Model Context Protocol, to secure Sublight Shipping's autonomous robot fleet

On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials directly to GitHub repositories created with compromised tokens.

Join our monthly cloud security CTF challenge, built by top Wiz researchers. Solve real-world scenarios and rise to the top of the leaderboard.