Reversing Samsung’s H-Arx Hypervisor Framework - Part 1
https://dayzerosec.com/blog/2025/03/08/reversing-samsungs-h-arx-hypervisor-part-1.html
https://dayzerosec.com/blog/2025/03/08/reversing-samsungs-h-arx-hypervisor-part-1.html
dayzerosec
Reversing Samsung's H-Arx Hypervisor Framework - Part 1
In many ways, mobile devices lead the security industry when it comes to defense-in-depth and mitigation. Over the years, it has been proven time and again that the kernel cannot be trusted to be secure. As such, there has been effort put into moving secrets…
CVE-2025-1094: PostgreSQL SQL Injection Vulnerability - ARMO
https://www.armosec.io/blog/cve-2025-1094-postgresql-sql-injection-vulnerability/
https://www.armosec.io/blog/cve-2025-1094-postgresql-sql-injection-vulnerability/
ARMO
CVE-2025-1094: PostgreSQL SQL Injection Vulnerability - ARMO
Learn about CVE-2025-1094, a critical SQL injection vulnerability in PostgreSQL's escaping functions. Discover affected versions, mitigation strategies, and how to protect your systems.
XXE: A complete guide to exploiting advanced XXE vulnerabilities
https://www.intigriti.com/researchers/blog/hacking-tools/exploiting-advanced-xxe-vulnerabilities
https://www.intigriti.com/researchers/blog/hacking-tools/exploiting-advanced-xxe-vulnerabilities
Intigriti
XXE Injection: Advanced Exploitation Guide
Learn how to identify and hunt for advanced XML External Entity (XXE) injection vulnerabilities using several different testing methods. Read the article now!
TruffleHog's Burp Suite Extension: A Techical Deep Dive
https://trufflesecurity.com/blog/introducing-trufflehog-s-burp-suite-extension-a-techical-deep-dive
10x to @ValyaRoller
https://trufflesecurity.com/blog/introducing-trufflehog-s-burp-suite-extension-a-techical-deep-dive
10x to @ValyaRoller
Trufflesecurity
Introducing TruffleHog's Burp Suite Extension: A Techical Deep Dive ◆ Truffle Security Co.
Scan for secrets using TruffleHog inside Burp Suite.
bug-bounty-scratch-vulnerabilities-cybersecurity.pdf
14.2 MB
Bug Bounty from Scratch
They Used Tools I Used Logic 0-Click Account Takeover Without Breaking a Sweat
https://medium.com/@loayahmed686/they-used-tools-i-used-logic-0-click-account-takeover-without-breaking-a-sweat-fd57c078dc82
https://medium.com/@loayahmed686/they-used-tools-i-used-logic-0-click-account-takeover-without-breaking-a-sweat-fd57c078dc82
Medium
They Used Tools I Used Logic 0-Click Account Takeover Without Breaking a Sweat
You know how most write-ups start with “I opened Burp Suite…”
Well, not this one.
Well, not this one.
YesWeHack Hunter Interviews – #14 g4mb4: “My favourite bug was an IDOR at a $1 billion company”
https://www.youtube.com/watch?v=hF0j4UTe8kE
https://www.youtube.com/watch?v=hF0j4UTe8kE
YouTube
YesWeHack Hunter Interviews – #14 g4mb4: “My favourite bug was an IDOR at a $1 billion company”
In this interview with Bug Bounty platform YesWeHack, Argentinian hacker g4mb4 – aka Damián Gambacorta – explains the impact of the vulnerability he is most proud of so far, among other topics.
He also offers an interesting response to the question of whether…
He also offers an interesting response to the question of whether…
Intercepting HTTPS Communication in Flutter: Going Full Hardcore Mode with Frida
https://sensepost.com/blog/2025/intercepting-https-communication-in-flutter-going-full-hardcore-mode-with-frida/
https://sensepost.com/blog/2025/intercepting-https-communication-in-flutter-going-full-hardcore-mode-with-frida/
Escalating Impact: Full Account Takeover in Microsoft via XSS in Login Flow
https://melotover.medium.com/escalating-impact-full-account-takeover-in-microsoft-via-xss-in-login-flow-f160fa79b008
https://melotover.medium.com/escalating-impact-full-account-takeover-in-microsoft-via-xss-in-login-flow-f160fa79b008
Medium
Escalating Impact: Full Account Takeover in Microsoft via XSS in Login Flow
Microsoft’s login system featured a highly secure and complex architecture, built with multiple layers of protection that made analysis…
Jumping the line: How MCP servers can attack you before you ever use them
https://blog.trailofbits.com/2025/04/21/jumping-the-line-how-mcp-servers-can-attack-you-before-you-ever-use-them/?hss_channel=lcp-912286
https://blog.trailofbits.com/2025/04/21/jumping-the-line-how-mcp-servers-can-attack-you-before-you-ever-use-them/?hss_channel=lcp-912286
The Trail of Bits Blog
Jumping the line: How MCP servers can attack you before you ever use them
MCP’s ’line jumping’ vulnerability lets malicious servers inject prompts through tool descriptions to manipulate AI behavior before tools are ever invoked.
What's the top bug in your language? Find out in The State of Code: Languages report
https://www.sonarsource.com/blog/the-state-of-code-languages/
https://www.sonarsource.com/blog/the-state-of-code-languages/
Sonarsource
What's the top bug in your language? Find out in The State of Code: Languages report
The State of Code report analyzes 7.9B lines of code, revealing the most common issues and security risks in Java, JavaScript, Python, and more.
Intigriti Bug Bytes #228 - September 2025 🚀
https://www.intigriti.com/researchers/blog/bug-bytes/intigriti-bug-bytes-228-september-2025
https://www.intigriti.com/researchers/blog/bug-bytes/intigriti-bug-bytes-228-september-2025
Java 23: Embrace the new era of code comments
https://www.sonarsource.com/blog/java-23-embrace-the-new-era-of-code-comments/
https://www.sonarsource.com/blog/java-23-embrace-the-new-era-of-code-comments/
Sonarsource
Java 23: Embrace the new era of code comments
We’ve covered Java 22, and are now getting into Java 23, which introduces several new language features. We’ll focus on enhancing documentation, and how to leverage the new features with simple examples.
Cyber Resilience Act: Navigating speed and security with AI-coding
https://www.sonarsource.com/blog/cra-navigating-speed-and-security-with-ai-coding/
https://www.sonarsource.com/blog/cra-navigating-speed-and-security-with-ai-coding/
Sonarsource
Cyber Resilience Act: Navigating speed and security with AI-coding
Modern software development is caught between two powerful forces. On one hand, generative artificial intelligence (AI) coding tools are supercharging development velocity at the expense of rigorous security review.
Electron Research in Desktop apps [Part 1]
https://blog.securelayer7.net/electron-app-security-risks/
https://blog.securelayer7.net/electron-app-security-risks/
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
Electron Research in Desktop apps [Part 1]
What's electron?, the design of electron desktop app, the story bug of the bug, the static code of the bug and how to find it, how to develop it and explain the code, explain how to discover it,...
RCE in Google's AI code editor Antigravity - $10000 Bounty
https://www.hacktron.ai/blog/hacking-google-antigravity
https://www.hacktron.ai/blog/hacking-google-antigravity
Hacktron AI
RCE in Google's AI code editor Antigravity - $10000 Bounty
Hacktron AI Research Team discovered a critical RCE in Google’s Antigravity IDE that lets attackers take over your system just by opening a malicious website.
When Audits Fail Part 2: From Pre-Auth SSRF to RCE in TRUfusion Enterprise
https://www.rcesecurity.com/2026/02/when-audits-fail-from-pre-auth-ssrf-to-rce-in-trufusion-enterprise/
https://www.rcesecurity.com/2026/02/when-audits-fail-from-pre-auth-ssrf-to-rce-in-trufusion-enterprise/
RCE Security | Penetration Tests. Source Code Reviews. IT Security Audits.
When Audits Fail Part 2: From Pre-Auth SSRF … | RCE Security
A pre-auth SSRF in TRUfusion Enterprise (CVE-2025-32355) allows external attackers to reach internal-only services via a misconfigured reverse proxy. This …
GraphQL Pentesting for Bug Bounty Hunters: From Endpoint Discovery to High-Impact Exploits…!
https://medium.com/@mpjani294/graphql-pentesting-for-bug-bounty-hunters-from-endpoint-discovery-to-high-impact-exploits-821f64a953b5
https://medium.com/@mpjani294/graphql-pentesting-for-bug-bounty-hunters-from-endpoint-discovery-to-high-impact-exploits-821f64a953b5
Medium
GraphQL Pentesting for Bug Bounty Hunters: From Endpoint Discovery to High-Impact Exploits…!
Here is the mind map for reference LINK