Hi! Last Thursday, as part of the Burp Extensibility Month on the PortSwigger Discord server, I gave a talk on […]

Browser-first CTF landing page for KubeArmor AI security challenges.

Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression…

How Calif and Anthropic's Mythos cracked Apple's brand-new Memory Integrity Enforcement on the M5 in five days, what the bug actually is, and what defenders and exploit writers should take from it.

Complete beginner's guide on how to use Claude AI. Master Projects, Artifacts, file uploads, and Anthropic's unique prompting formula.

A cybersecurity student explains prompt injection, jailbreaks, and AI attack paths in simple terms with real RAG and agent security risks.

A practical guide to nmap on Linux covering host discovery, port and service scanning, OS detection, NSE scripts, output formats, and real-world command combinations sysadmins actually use.

7-Eleven experienced a data breach exposing 185,300 accounts after a pay or leak extortion campaign by ShinyHunters targeted systems storing franchisee documents.

A simple guide to credential brokering for AI agents: protect against prompt injection by keeping credentials away from the agent.

A first-person disclosure analysis of CVE-2021-21735 on the ZTE ZXHN H168N V3.5, covering the wizard-page leak, firmware whitelist failure, and the included bulk PoC.

An IRGC-directed persona sabotaged industrial refrigeration and staged a disk-wipe campaign at Israeli facilities during a ceasefire. How the operation unfolded, and how to find the actor before it reaches your plant floor.

Deep dive analysis of the TETRA cyber incident which disrupted operations at Taiwan High Speed Rail (THSR) in April 2026.

Recent attempts to ban VPNs to stop users from evading age-verification laws are a growing threat to journalism

A polished security write-up about an OLX verification-code flaw that still leaked the correct code during lockout and led to account takeover.

DNS queries travel in plain text by default — even when your site uses HTTPS. Here's how DoH, DoT, DoQ and DoH3 work, how they compare in performance (real benchmarks from 3,000+ resolvers), and which one is right for your website.

After our last episode on Multi-SSO Cognito User Pools, we are back with another issue. This time, we are looking at one of those AWS components that is everywhere and rarely questioned deeply enough: the Elastic Load Balancer.

How we discovered an RCE in the AI Pentester Strix (sandbox) and how to find prompt injections with impact.

The Lithuanian Prosecutor General’s Office is investigating the theft of over 600,000 Center of Registers records via compromised institutional credentials.

Burp Suite AI Reporter generates vulnerability findings from HTTP pairs using Burp AI or Ollama/OpenAI. Export to Markdown in one click.

On 18 May 2026, Dutch investigators seized more than 800 servers and broke up a hosting operation that prosecutors say powered Russian cyberattacks across the EU. We had spent the previous year watching the same network from the other side. After the seizure…