Hey Guys, I am Samrat Gupta aka Sm4rty, a Security Researcher and a Bug Bounty Hunter. In this blog, I will be explaining how can you find…

I published a deep dive into this vulnerability in a blog post: https://security.lauritz-holtmann.de/advisories/flickr-account-takeover/

Thank you very much to @alexseville and team for the kind...

Posted by Maddie Stone, Google Project Zero This blog post is an overview of a talk, “ 0-day In-the-Wild Exploitation in 2022…so far”,...

@bxmbn

Researcher bypasses email filter with inspired style tag trickery

**Summary:** By using this vulnerability an attacker can find a twitter account by it's phone number/email even if the user has prohibited this in the privacy options.

**Description:** The...

Threat actors are constantly using new tricks and tactics to target users across the globe. This blog is about SpyNote,  […]

The recent rise of HTTP Request Smuggling has seen a flood of critical findings enabling near-complete compromise of numerous major websites. However, the threat has been confined to attacker-accessib

This story is all about a logical vulnerability which helped me in Bypassing the email confirmation process and adding any arbitrary…

Hi, I’m bugra, and here is a write-up about my Google Bug Bounty report.
On January 28, 2022, I was chatting in the TR Bug Hunters telegram group. One of the group members, Numan Türle, told us that we should give Google Cloud Shell a try to find some juicy…

Pre-Built Vulnerable Environments Based on Docker-Compose - vulhub/vulhub

– by TheGrandPew and s1r1us
We all know, VSCode is one of the most used Electron App. As a part of our research on hacking electron apps, we thought it would be cool to pwn VSCode and we were able to pwn it. We were able to achieve RCE on VSCode without getting…

Our security research led to the discovery of a flaw in a popular Apache2 authentication module. We come back on this case of parsing differential and how various languages behave when working with URLs.

A proxy server is a go‑between or intermediary server that forwards requests for content from multiple clients to different servers across…

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team! - punk-security/dnsReaper

We will discuss the chaining of two bugs on the telegram android application, which can make malicious applications steal internal telegram…