Researcher bypasses email filter with inspired style tag trickery

**Summary:** By using this vulnerability an attacker can find a twitter account by it's phone number/email even if the user has prohibited this in the privacy options.

**Description:** The...

Threat actors are constantly using new tricks and tactics to target users across the globe. This blog is about SpyNote,  […]

The recent rise of HTTP Request Smuggling has seen a flood of critical findings enabling near-complete compromise of numerous major websites. However, the threat has been confined to attacker-accessib

This story is all about a logical vulnerability which helped me in Bypassing the email confirmation process and adding any arbitrary…

Hi, I’m bugra, and here is a write-up about my Google Bug Bounty report.
On January 28, 2022, I was chatting in the TR Bug Hunters telegram group. One of the group members, Numan Türle, told us that we should give Google Cloud Shell a try to find some juicy…

Pre-Built Vulnerable Environments Based on Docker-Compose - vulhub/vulhub

– by TheGrandPew and s1r1us
We all know, VSCode is one of the most used Electron App. As a part of our research on hacking electron apps, we thought it would be cool to pwn VSCode and we were able to pwn it. We were able to achieve RCE on VSCode without getting…

Our security research led to the discovery of a flaw in a popular Apache2 authentication module. We come back on this case of parsing differential and how various languages behave when working with URLs.

A proxy server is a go‑between or intermediary server that forwards requests for content from multiple clients to different servers across…

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team! - punk-security/dnsReaper

We will discuss the chaining of two bugs on the telegram android application, which can make malicious applications steal internal telegram…

Somdev Sangwan - Security & Automatation Researcher

CVE-2021-38297 allows attackers to override an entire Wasm module & achieve WebAssembly code execution. Read technical analysis & mitigation from JFrog Security research >

This first blog post introduces the RASP checks used in SingPass

Microsoft discovered a high-severity vulnerability in the TikTok Android application, now identified as CVE-2022-28799 and fixed by TikTok, which could have allowed attackers to compromise users' accounts with a single click.

### Summary

The `DecompressedArchiveSizeValidator` is used to check the size of a archive before extracting...

Learn tricks and techniques like these, with us, in our amazing training courses!
https://flashback.sh/training

One of the first things you have to do when hacking and breaking embedded device security is to obtain the firmware. If you're lucky, you can…

User-Agent , X-Forwarded-For and Referer SQLI Fuzzer - root-tanishq/userefuzz