We will discuss the chaining of two bugs on the telegram android application, which can make malicious applications steal internal telegram…

Somdev Sangwan - Security & Automatation Researcher

CVE-2021-38297 allows attackers to override an entire Wasm module & achieve WebAssembly code execution. Read technical analysis & mitigation from JFrog Security research >

This first blog post introduces the RASP checks used in SingPass

Microsoft discovered a high-severity vulnerability in the TikTok Android application, now identified as CVE-2022-28799 and fixed by TikTok, which could have allowed attackers to compromise users' accounts with a single click.

### Summary

The `DecompressedArchiveSizeValidator` is used to check the size of a archive before extracting...

Learn tricks and techniques like these, with us, in our amazing training courses!
https://flashback.sh/training

One of the first things you have to do when hacking and breaking embedded device security is to obtain the firmware. If you're lucky, you can…

User-Agent , X-Forwarded-For and Referer SQLI Fuzzer - root-tanishq/userefuzz

Trail of Bits is publicly disclosing CVE-2022-35737, which affects applications that use the SQLite library API. CVE-2022-35737 was introduced in SQLite version 1.0.12 (released on October 17, 2000) and fixed in release 3.39.2 (released on July 21, 2022).…

CORS makes no sense when you first look at it. The only way it does is if you understand the history of how we got here; this talk will go through the history of the web and CORS and how we ended up designing something like this. If you have always been confused…

Google is aware that an exploit for CVE-2022-3723 exists in the wild. It is only known that this vulnerability is a Type Confusion in V8

Hi Guys! Long time no see!

Apple’s Security Bounty program has paid nearly $20 million in rewards to security researchers in just two and a half years. Our new site makes it easier than ever for researchers to submit reports on the web, get real-time updates from Apple engineering…

Sometimes you might have questions about when a picture you see online was taken – but where to begin searching?

In this video, we show you how to use mapping tools to help pinpoint when a photo might have been taken and how to spot useful clues.

For…

This is how you can attempt to crack a JSON Web Token's secret, with either brute forcing or dictionary based fuzzing using wordlists.

Bypassing XSS filters using Double Encoding