Vulnerablity explanation about prototype pollution in real world 🙂 blog.p6.is/Real-World-JS-…

Client-Side Prototype Pollution and useful Script Gadgets github.com/BlackFan/clien…

#XSSMAS alert(💃)

💪💪

We're really happy to share our improvements and some experiments for the CookieMonster tool. Weaponizing Monster for Cookies Attacks: vsrc.vng.com.vn/blog/weaponizi… Also include burp-extender plugin for burp suite. Hope you guys enjoy it. ~Cheers, VSRC

First time use f5 🤷

We've successfully developed a new PoC exploit for CVE-2024-3400 PAN-OS Command Injection without the Telemetry enablement requirement. Please patch it ASAP 🌐 #CVE-2024-3400

Submitted this bug to ZDI a long time ago, but they weren’t interested 🥲. Later sent to Oracle, marked dup of CVE-2023-22047. CVSS 7.5 but leads to unauth RCE. Fortunately, some big programs accepted it. Check exploit here : github.com/tuo4n8/CVE-202… #BugBounty #InfoSec #Oracle

Write-up cho bài đăng của anh tuo4n8. Chuyện đã lâu rồi có nhiều thứ mình không còn nhớ. - No outbound Gadgets for CVE-2019-16891. - New JDBC attack chain. For English speakers, please use Google Translate. l0gg.substack.com/p/journey-into…

My research on CVE-2025-49113 is out. fearsoff.org/research/round…. Happy reading! #CVE #roundcube #poc FearsOff Cybersecurity

Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Checkout the details in the blogpost by Guillaume André and Wil. synacktiv.com/publications/n…

🚨 We got RCE on Solana 🚨 Finally revealing FULL details about the RCE vulnerability we found 2 years ago. Found it. Lost it. Exploited it anyway. 🔬 Here’s what real-world bug hunting looks like: anatomi.st/blog/2025_06_2…

While waiting for the Pwn2Own chain, you might want to read this. Disclaimer: This is a bug I discovered by accident, and already been resolved. I’m not sure which CVE or patch this maps to. If you know any information, please feel free to leave a comment blog.viettelcybersecurity.com/sharepoint_pro…