A vulnerability in KuCoin & why HackenProof & KuCoin're not trustworthy.

Today I’m going to talk about cache, denial of service, and a vulnerability I recently found in a very large company.

Exploring the Impact of CVE-2023-31070: A Deep Dive into Broadcom BCM47xx SDK, found by Attila Szasz with BugProve's engine.

OAuth vulnerability earns CVE-2023-28131. Salt exposes a new vulnerability in the popular OAuth framework, used in hundreds of online services.

Origin IP scanning utility developed with ChatGPT. Contribute to r57-labs/chaos development by creating an account on GitHub.

Understanding what are JavaScript Prototypes (Part 1)

Gain insights into the Fluhorse malware campaign as we've managed to fully reverse engineer the malicious Flutter applications. Learn more.…

Let me explain how did I overcome this XSS challenge set up by the bug bounty platform Intigriti. It may be a source of inspiration for…

A list of useful payloads and bypass for Web Application Security and Pentest/CTF - swisskyrepo/PayloadsAllTheThings

Introduction Recently I found a password reset/recovery flaw in a program at Synack. The vulnerability is the classical password reset link manipulation via Host Header Injection but rather than the vulnerability itself, the way how I managed to exploit it…

Highlights: A modified version of the popular messaging app Telegram found to be malicious The malicious app can sign up the victim for various paid

Bringing NFC contactless payment capability to a true classic.

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting infor...

SonicWall has recently disclosed several vulnerabilities in their Global Management System (GMS) and Analytics products. Learn impact, mitigation, and risks.