Recently Added
The most recent resources added to appsec.fyi, across all topics. Subscribe to the RSS feed to stay updated.
| Date | Topic | Link | Excerpt |
|---|---|---|---|
| 2026-04-19 | SSTI | Inj3ctlab — SSTI Bug Bounty Labs Writeup | Inj3ctlab — SSTI Bug Bounty Labs Writeup |
| 2026-04-19 | SSTI | Server-Side Template Injection — Bug Bounty 2k25 | Server-Side Template Injection — Bug Bounty 2k25 |
| 2026-04-19 | JWT | CVE-2025-45768: PyJWT Information Disclosure Vulnerability | CVE-2025-45768: PyJWT Information Disclosure Vulnerability |
| 2026-04-19 | Secrets | Compromised IAM Credentials Power Large AWS Crypto Mining Campaign | Compromised IAM Credentials Power Large AWS Crypto Mining Campaign |
| 2026-04-19 | GraphQL | PayloadsAllTheThings — GraphQL Injection | PayloadsAllTheThings — GraphQL Injection |
| 2026-04-19 | IDOR | IDOR Vulnerability Exploitation Guide — RedfoxSec | IDOR Vulnerability Exploitation Guide — RedfoxSec |
| 2026-04-19 | SSTI | What is SSTI in Flask/Jinja2? — Payatu | What is SSTI in Flask/Jinja2? — Payatu |
| 2026-04-19 | SSTI | PayloadsAllTheThings — SSTI README | PayloadsAllTheThings — SSTI README |
| 2026-04-19 | JWT | How JWT Libraries Block Algorithm Confusion: Code Review Lessons | How JWT Libraries Block Algorithm Confusion: Code Review Lessons |
| 2026-04-19 | Deserialization | IBM webMethods Integration CVE-2025-36072: Deserialization RCE | IBM webMethods Integration CVE-2025-36072: Deserialization RCE |
| 2026-04-19 | Secrets | Pre-Commit Hooks for Secret Detection: Setup in 10 Minutes | Pre-Commit Hooks for Secret Detection: Setup in 10 Minutes |
| 2026-04-19 | Supply Chain | Shai-Hulud: A Persistent Secret Leaking Campaign — GitGuardian | Shai-Hulud: A Persistent Secret Leaking Campaign — GitGuardian |
| 2026-04-19 | Mobile | Zero-Day Vulnerabilities in Apple WebKit — CSA Singapore | Zero-Day Vulnerabilities in Apple WebKit — CSA Singapore |
| 2026-04-19 | Mobile | Update Apple Devices: Actively Exploited CVE-2025-14174 & CVE-2025-43529 | Update Apple Devices: Actively Exploited CVE-2025-14174 & CVE-2025-43529 |
| 2026-04-19 | Mobile | CVE-2025-14174: Apple WebKit Memory Corruption Zero-Day | CVE-2025-14174: Apple WebKit Memory Corruption Zero-Day |
| 2026-04-19 | API Security | BOLA API Attack & Prevention — StackHawk | BOLA API Attack & Prevention — StackHawk |
| 2026-04-19 | API Security | Broken Object-Level Authorization (BOLA): What It Is and How to Prevent It | Broken Object-Level Authorization (BOLA): What It Is and How to Prevent It |
| 2026-04-19 | AI | MCP Tool Poisoning — How It Works & How To Fight It | MCP Tool Poisoning — How It Works & How To Fight It |
| 2026-04-19 | AI | Model Context Protocol Has Prompt Injection Security Problems | Model Context Protocol Has Prompt Injection Security Problems |
| 2026-04-19 | Recon | The 2026 State of Attack Surface Management — ProjectDiscovery | The 2026 State of Attack Surface Management — ProjectDiscovery |
| 2026-04-19 | Recon | The Ultimate Guide to Attack Surface Management Tools in 2025 | The Ultimate Guide to Attack Surface Management Tools in 2025 |
| 2026-04-19 | Recon | Top 10 Attack Surface Management Tools for 2026 — Intruder | Top 10 Attack Surface Management Tools for 2026 — Intruder |
| 2026-04-19 | Recon | 12 Attack Surface Management Tools to Know in 2026 | 12 Attack Surface Management Tools to Know in 2026 |
| 2026-04-19 | Bug Bounty | HackerOne Paid $81 Million in Bug Bounties Over the Past Year | HackerOne Paid $81 Million in Bug Bounties Over the Past Year |
| 2026-04-19 | RCE | CVE-2025-22457: Ivanti Connect Secure VPN Zero-Day RCE | CVE-2025-22457: Ivanti Connect Secure VPN Zero-Day RCE |
| 2026-04-19 | RCE | Advisory: Actively Exploited Unauthenticated RCE in Ivanti Connect Secure (CVE-2025-0282) | Advisory: Actively Exploited Unauthenticated RCE in Ivanti Connect Secure (CVE-2025-0282) |
| 2026-04-19 | RCE | Command Injection in Jenkins via Git Parameter (CVE-2025-53652) | Command Injection in Jenkins via Git Parameter (CVE-2025-53652) |
| 2026-04-19 | CSRF | CVE-2025-9611: Microsoft Playwright MCP Server CSRF Flaw | CVE-2025-9611: Microsoft Playwright MCP Server CSRF Flaw |
| 2026-04-19 | CSRF | CVE-2025-23797: WP Options Editor CSRF Vulnerability | CVE-2025-23797: WP Options Editor CSRF Vulnerability |
| 2026-04-19 | CSRF | AVideo CSRF — CVE-2025-3100 (Critical) | AVideo CSRF — CVE-2025-3100 (Critical) |
| 2026-04-19 | CSRF | Authlib (Python) CSRF (Cache-Backed OAuth State) — CVE-2025-68158 | Authlib (Python) CSRF (Cache-Backed OAuth State) — CVE-2025-68158 |
| 2026-04-19 | OSINT | OSINT Framework: How to Build a Custom Maltego Transform | OSINT Framework: How to Build a Custom Maltego Transform |
| 2026-04-19 | SSRF | CVE-2025-61882 Explained: The Oracle Zero-Day Breach | CVE-2025-61882 Explained: The Oracle Zero-Day Breach |
| 2026-04-19 | SSRF | Oracle EBS CVE-2025-61882: Pre-auth SSRF Leads to RCE | Oracle EBS CVE-2025-61882: Pre-auth SSRF Leads to RCE |
| 2026-04-19 | SSRF | Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 | Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 |
| 2026-04-19 | SSRF | Oracle E-Business Suite Zero-Day Exploited — Google Cloud | Oracle E-Business Suite Zero-Day Exploited — Google Cloud |
| 2026-04-19 | GraphQL | Approaching GraphQL End Points — Bug Bounty Notes | Approaching GraphQL End Points — Bug Bounty Notes |
| 2026-04-19 | GraphQL | DoS via Mutation Aliasing in GraphQL — HackerOne Disclosure | DoS via Mutation Aliasing in GraphQL — HackerOne Disclosure |
| 2026-04-19 | IDOR | Bykea: IDOR on In-App Hardcoded Zombie — HackerOne | Bykea: IDOR on In-App Hardcoded Zombie — HackerOne |
| 2026-04-19 | IDOR | IDOR Vulnerability — HackerOne Report 2633771 | IDOR Vulnerability — HackerOne Report 2633771 |
| 2026-04-19 | IDOR | Top 235 IDOR Bug Bounty Reports | Top 235 IDOR Bug Bounty Reports |
| 2026-04-19 | SSTI | Find and Exploit Server-Side Template Injection — TCM Security | Find and Exploit Server-Side Template Injection — TCM Security |
| 2026-04-19 | JWT | JSON Web Token Attacks and Vulnerabilities — Acunetix | JSON Web Token Attacks and Vulnerabilities — Acunetix |
| 2026-04-19 | JWT | Security of JSON Web Tokens (JWT) — Cyber Polygon | Security of JSON Web Tokens (JWT) — Cyber Polygon |
| 2026-04-19 | JWT | Analyzing Broken User Authentication Threats to JWTs — Akamai | Analyzing Broken User Authentication Threats to JWTs — Akamai |
| 2026-04-19 | Authentication | Bypassing MFA with OAuth Abuse: Pentesting SSO Flows | Bypassing MFA with OAuth Abuse: Pentesting SSO Flows |
| 2026-04-19 | Authentication | SSO Protocol Security: Critical Vulnerabilities in SAML, OAuth, OIDC, JWT (2025) | SSO Protocol Security: Critical Vulnerabilities in SAML, OAuth, OIDC, JWT (2025) |
| 2026-04-19 | Authentication | The Art of Breaking OAuth: Real-World Exploits and Misuses | The Art of Breaking OAuth: Real-World Exploits and Misuses |
| 2026-04-19 | Authentication | OAuth2-Proxy Authentication Bypass (CVE-2025-54576) | OAuth2-Proxy Authentication Bypass (CVE-2025-54576) |
| 2026-04-19 | Authentication | OAuth SSO WordPress Plugin JWT Bypass (CVE-2025-9485) | OAuth SSO WordPress Plugin JWT Bypass (CVE-2025-9485) |
| 2026-04-19 | Deserialization | Deserialization Vulnerability — Exploit-DB Paper | Deserialization Vulnerability — Exploit-DB Paper |
| 2026-04-19 | Deserialization | Cisco ISE Insecure Java Deserialization — Cisco Docs | Cisco ISE Insecure Java Deserialization — Cisco Docs |
| 2026-04-19 | Deserialization | Insecure Deserialization Vulnerabilities — Acunetix | Insecure Deserialization Vulnerabilities — Acunetix |
| 2026-04-19 | Deserialization | Cisco ISE Insecure Java Deserialization (CVE-2025-20124) | Cisco ISE Insecure Java Deserialization (CVE-2025-20124) |
| 2026-04-19 | Secrets | Understanding Your Organization's Exposure to Secret Leaks — GitHub | Understanding Your Organization's Exposure to Secret Leaks — GitHub |
| 2026-04-19 | Secrets | Exposed Developer Secrets Surge: AI Drives 34% Increase in 2025 | Exposed Developer Secrets Surge: AI Drives 34% Increase in 2025 |
| 2026-04-19 | Secrets | GitHub Found 39M Secret Leaks in 2024 — The GitHub Blog | GitHub Found 39M Secret Leaks in 2024 — The GitHub Blog |
| 2026-04-19 | Supply Chain | Defending Against npm Supply Chain Attacks — Splunk | Defending Against npm Supply Chain Attacks — Splunk |
| 2026-04-19 | Supply Chain | Multiple Supply Chain Attacks against npm Packages — Red Hat | Multiple Supply Chain Attacks against npm Packages — Red Hat |
| 2026-04-19 | Supply Chain | Shai-Hulud Malware: Second-Wave npm Supply Chain Attack | Shai-Hulud Malware: Second-Wave npm Supply Chain Attack |
| 2026-04-19 | Supply Chain | CISA: Widespread Supply Chain Compromise Impacting npm Ecosystem | CISA: Widespread Supply Chain Compromise Impacting npm Ecosystem |
| 2026-04-19 | Mobile | Two Serious Vulnerabilities in Latest Android Security Update | Two Serious Vulnerabilities in Latest Android Security Update |
| 2026-04-19 | Mobile | LANDFALL: New Commercial-Grade Android Spyware (CVE-2025-21042) | LANDFALL: New Commercial-Grade Android Spyware (CVE-2025-21042) |
| 2026-04-19 | API Security | OWASP Top 10 API Security Risks and How to Mitigate Them — Pynt | OWASP Top 10 API Security Risks and How to Mitigate Them — Pynt |
| 2026-04-19 | API Security | OWASP Top 10 2025: Latest Changes and Enhancements | OWASP Top 10 2025: Latest Changes and Enhancements |
| 2026-04-19 | API Security | OWASP API Security Top 10 Vulnerabilities — 2025 | OWASP API Security Top 10 Vulnerabilities — 2025 |
| 2026-04-19 | AuthZ | Broken Access Control: The Quiet Killer in Web Applications | Broken Access Control: The Quiet Killer in Web Applications |
| 2026-04-19 | AuthZ | OWASP Top 10 2025: IAAA Failures TryHackMe Writeup | OWASP Top 10 2025: IAAA Failures TryHackMe Writeup |
| 2026-04-19 | AuthZ | Broken Access Control: The Silent Web Vulnerability | Broken Access Control: The Silent Web Vulnerability |
| 2026-04-19 | AuthZ | Broken Access Control: The 40% Surge in 2025 | Broken Access Control: The 40% Surge in 2025 |
| 2026-04-19 | AuthZ | OWASP Top 10 2025 — A01 Broken Access Control | OWASP Top 10 2025 — A01 Broken Access Control |
| 2026-04-19 | AI | Vulnerability of LLMs to Prompt Injection in Medical Advice — JAMA | Vulnerability of LLMs to Prompt Injection in Medical Advice — JAMA |
| 2026-04-19 | AI | Prompt Injection Attack Against LLM-Integrated Applications — arXiv | Prompt Injection Attack Against LLM-Integrated Applications — arXiv |
| 2026-04-19 | AI | Prompt Injection Attacks in LLMs and AI Agent Systems: A Comprehensive Review | Prompt Injection Attacks in LLMs and AI Agent Systems: A Comprehensive Review |
| 2026-04-19 | Fuzzing | Generative Fuzzer-Driven Vulnerability Detection in IoT Networks | Generative Fuzzer-Driven Vulnerability Detection in IoT Networks |
| 2026-04-19 | Fuzzing | Automating Fuzz Driver Generation for Deep Learning Libraries with LLMs | Automating Fuzz Driver Generation for Deep Learning Libraries with LLMs |
| 2026-04-19 | Fuzzing | Fuzz to the Future: Uncovering Occluded Future Vulnerabilities | Fuzz to the Future: Uncovering Occluded Future Vulnerabilities |
| 2026-04-19 | Fuzzing | EdgeFuzz: A Middleware-Based Security Testing Tool | EdgeFuzz: A Middleware-Based Security Testing Tool |
| 2026-04-19 | Fuzzing | Software Fuzzing: The Cornerstone of Automated Vulnerability Discovery | Software Fuzzing: The Cornerstone of Automated Vulnerability Discovery |
| 2026-04-19 | Recon | SubFinder: Automating Subdomain Enumeration for Bug Bounty in 2025 | SubFinder: Automating Subdomain Enumeration for Bug Bounty in 2025 |
| 2026-04-19 | Talks | DEF CON 33 Hacking Conference 2025 — USF | DEF CON 33 Hacking Conference 2025 — USF |
| 2026-04-19 | Talks | DEF CON 33 (2025) — Security.World | DEF CON 33 (2025) — Security.World |
| 2026-04-19 | Talks | What to Expect from BSides, Black Hat, and DEF CON 2025 | What to Expect from BSides, Black Hat, and DEF CON 2025 |
| 2026-04-19 | Talks | DEF CON 2025 — Open Source Security Foundation | DEF CON 2025 — Open Source Security Foundation |
| 2026-04-19 | Talks | DEFCON Conference — Official YouTube | DEFCON Conference — Official YouTube |
| 2026-04-19 | Bug Bounty | 9 Top Bug Bounty Programs Launched in 2025 — CSO Online | 9 Top Bug Bounty Programs Launched in 2025 — CSO Online |
| 2026-04-19 | Bug Bounty | Bug-bounty Writeups Repository — fardeen-ahmed | Bug-bounty Writeups Repository — fardeen-ahmed |
| 2026-04-19 | Bug Bounty | Google's Bug Bounty Program Hits All-Time High — $17M in 2025 | Google's Bug Bounty Program Hits All-Time High — $17M in 2025 |
| 2026-04-19 | Bug Bounty | Top Bugs That Actually Paid Bounties in 2025 | Top Bugs That Actually Paid Bounties in 2025 |
| 2026-04-19 | RCE | 0xMarcio/cve: Latest CVEs with PoC Exploits | 0xMarcio/cve: Latest CVEs with PoC Exploits |
| 2026-04-19 | RCE | Microsoft WSUS RCE (CVE-2025-59287) Actively Exploited | Microsoft WSUS RCE (CVE-2025-59287) Actively Exploited |
| 2026-04-19 | CSRF | Web Security Academy: CSRF SameSite Lax Bypass via Method Override | Web Security Academy: CSRF SameSite Lax Bypass via Method Override |
| 2026-04-19 | Burp Suite | Pentest-Mapper: Burp Extension for Pentesters & Bug Bounty | Pentest-Mapper: Burp Extension for Pentesters & Bug Bounty |
| 2026-04-19 | Burp Suite | Burp Suite Extension: Copy For — Black Hills InfoSec | Burp Suite Extension: Copy For — Black Hills InfoSec |
| 2026-04-19 | Burp Suite | Burp AI — PortSwigger | Burp AI — PortSwigger |
| 2026-04-19 | Burp Suite | Pentest Mapper: Burp Extension for Application Pentesting | Pentest Mapper: Burp Extension for Application Pentesting |
| 2026-04-19 | Burp Suite | Pentest Mapper — PortSwigger BApp Store | Pentest Mapper — PortSwigger BApp Store |
| 2026-04-19 | Python | PyPI Supply Chain Attack: Colorama and Colorizr Name Confusion | PyPI Supply Chain Attack: Colorama and Colorizr Name Confusion |
| 2026-04-19 | Python | Compromised LiteLLM PyPI Package Delivers Credential Stealer | Compromised LiteLLM PyPI Package Delivers Credential Stealer |
| 2026-04-19 | Python | LiteLLM PyPI Package Compromised in TeamPCP Supply Chain Attack | LiteLLM PyPI Package Compromised in TeamPCP Supply Chain Attack |
| 2026-04-19 | Python | Malicious PyPI Package — LiteLLM Supply Chain Compromise | Malicious PyPI Package — LiteLLM Supply Chain Compromise |
| 2026-04-19 | Python | The PyPI Supply Chain Attacks of 2025 | The PyPI Supply Chain Attacks of 2025 |
| 2026-04-19 | OSINT | Top 10 OSINT Tools, Products & Solutions — SocialLinks | Top 10 OSINT Tools, Products & Solutions — SocialLinks |
| 2026-04-19 | OSINT | How to Use OSINT for Investigations — Moody's | How to Use OSINT for Investigations — Moody's |
| 2026-04-19 | OSINT | OSINT Industries — Online Investigations Platform | OSINT Industries — Online Investigations Platform |
| 2026-04-19 | OSINT | OSINT Tools Security Analysts Should Know for 2025 | OSINT Tools Security Analysts Should Know for 2025 |
| 2026-04-19 | SQLi | Unauthenticated SQL Injection in GUI — Fortinet PSIRT | Unauthenticated SQL Injection in GUI — Fortinet PSIRT |
| 2026-04-19 | SQLi | CVE-2025-1094 WebSocket and SQL Injection Exploit Script | CVE-2025-1094 WebSocket and SQL Injection Exploit Script |
| 2026-04-19 | SQLi | CVE-2025-1094: PostgreSQL psql SQL Injection (Fixed) — Rapid7 | CVE-2025-1094: PostgreSQL psql SQL Injection (Fixed) — Rapid7 |
| 2026-04-19 | SQLi | PostgreSQL CVE-2025-1094: Quoting APIs SQL Injection | PostgreSQL CVE-2025-1094: Quoting APIs SQL Injection |
| 2026-04-19 | SQLi | CVE-2025-26794: Blind SQL Injection in Exim 4.98 — Writeup | CVE-2025-26794: Blind SQL Injection in Exim 4.98 — Writeup |
| 2026-04-19 | SSRF | Server-Side Request Forgery (SSRF) — Practical Guide | Server-Side Request Forgery (SSRF) — Practical Guide |
| 2026-04-19 | XXE | IBM Business Automation Workflow XXE (CVE-2025-13096) | IBM Business Automation Workflow XXE (CVE-2025-13096) |
| 2026-04-19 | XXE | XXE Vulnerability Guide 2025: How XML Attacks Still Threaten | XXE Vulnerability Guide 2025: How XML Attacks Still Threaten |
| 2026-04-19 | XXE | XXE Injection in langchain-community (CVE-2025-6984) | XXE Injection in langchain-community (CVE-2025-6984) |
| 2026-04-19 | XXE | Critical Apache Tika CVE-2025-66516: XXE Vulnerability | Critical Apache Tika CVE-2025-66516: XXE Vulnerability |
| 2026-04-19 | XXE | XXE in GeoServer WFS Service (CVE-2025-30220) | XXE in GeoServer WFS Service (CVE-2025-30220) |
| 2026-04-19 | GraphQL | GraphQL API Vulnerabilities Learning Path — PortSwigger | GraphQL API Vulnerabilities Learning Path — PortSwigger |
| 2026-04-19 | GraphQL | GraphQL Introspection Security: Lessons from the Parse Server Vulnerability | GraphQL Introspection Security: Lessons from the Parse Server Vulnerability |
| 2026-04-19 | XSS | Bypassing Signature-Based XSS Filters: Modifying HTML | Bypassing Signature-Based XSS Filters: Modifying HTML |
| 2026-04-19 | XSS | XSS Bypass Techniques — Cyber Gita | XSS Bypass Techniques — Cyber Gita |
| 2026-04-19 | XSS | Advanced XSS Filter Bypass Methods Using Payload Splitting | Advanced XSS Filter Bypass Methods Using Payload Splitting |
| 2026-04-19 | XSS | XSS Payload Bypass Technique: A Practical Guide | XSS Payload Bypass Technique: A Practical Guide |
| 2026-04-19 | XSS | Intigriti July 2025 XSS Challenge — Jorian Woltjer | Intigriti July 2025 XSS Challenge — Jorian Woltjer |
| 2026-04-18 | SSRF | Funny how the more you fuck around, the more you find out. Do you see an id? Mess around with it. Can't find the private ip where the http client is running? Send a nonexistent host to leak it and enum from there. #bugbountytips #SSRF pic.x.com/t0HhOXupGQ | Funny how the more you fuck around, the more you find out. Do you see an id? Mess around with it. Can't find the private ip where the http client is running? Send a nonexistent host to leak it and enum... |
| 2026-04-17 | XSS | Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mailcow | Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mailcow https://ift.tt/ufEgtyJ |
| 2026-04-17 | SSTI | Active Exploitation of Confluence CVE-2022-26134 (Rapid7) | Active Exploitation of Confluence CVE-2022-26134 (Rapid7) |
| 2026-04-17 | SSTI | Atlassian Confluence Widget Connector Macro SSTI (ExploitDB) | Atlassian Confluence Widget Connector Macro SSTI (ExploitDB) |
| 2026-04-17 | SSTI | SSTItoXSS: Exploiting SSTI to bypass WAF/XSS Filter | SSTItoXSS: Exploiting SSTI to bypass WAF/XSS Filter |
| 2026-04-17 | SSTI | SSTI (The Hacker Recipes) | SSTI (The Hacker Recipes) |
| 2026-04-17 | SSTI | Exploiting CVE-2021-25770: SSTI in YouTrack (Synacktiv) | Exploiting CVE-2021-25770: SSTI in YouTrack (Synacktiv) |
| 2026-04-17 | SSTI | SSTI in Freemarker (Akto) | SSTI in Freemarker (Akto) |
| 2026-04-17 | SSTI | Ruby ERB Template Injection (TrustedSec) | Ruby ERB Template Injection (TrustedSec) |
| 2026-04-17 | SSTI | PayloadsAllTheThings: SSTI Ruby payloads | PayloadsAllTheThings: SSTI Ruby payloads |
| 2026-04-17 | SSTI | Code Execution via SSTI Ruby ERB (Invicti) | Code Execution via SSTI Ruby ERB (Invicti) |
| 2026-04-17 | SSTI | ruby-ssti: example Ruby ERB app vulnerable to SSTI | ruby-ssti: example Ruby ERB app vulnerable to SSTI |
| 2026-04-17 | JWT | JWT Token Lifecycle: Expiration, Refresh, and Revocation | JWT Token Lifecycle: Expiration, Refresh, and Revocation |
| 2026-04-17 | JWT | python-jwt token forgery CVE-2022-39227 | python-jwt token forgery CVE-2022-39227 |
| 2026-04-17 | JWT | CVE-2024-53861: PyJWT Issuer Field Partial Match | CVE-2024-53861: PyJWT Issuer Field Partial Match |
| 2026-04-17 | JWT | Python-JOSE Security Risk: CVE-2024-33663 Explained | Python-JOSE Security Risk: CVE-2024-33663 Explained |
| 2026-04-17 | JWT | JWT Bomb in Python-JOSE CVE-2024-33664 | JWT Bomb in Python-JOSE CVE-2024-33664 |
| 2026-04-17 | JWT | JWT Pentest Book (six2dez) | JWT Pentest Book (six2dez) |
| 2026-04-17 | JWT | JWT Pentest Checklist (Cyber Frogy) | JWT Pentest Checklist (Cyber Frogy) |
| 2026-04-17 | JWT | JWT Pentest Checklist v1.0 (Chintan Gurjar) | JWT Pentest Checklist v1.0 (Chintan Gurjar) |
| 2026-04-17 | JWT | HackerOne #1210502: Jitsi Authentication Bypass (JWT) | HackerOne #1210502: Jitsi Authentication Bypass (JWT) |
| 2026-04-17 | JWT | HackerOne #2472798: Newspack Extended Access JWT bypass | HackerOne #2472798: Newspack Extended Access JWT bypass |
| 2026-04-17 | Recon | Bug Bounty Recon: Perform Faster Port Scan (Rootsploit) | Bug Bounty Recon: Perform Faster Port Scan (Rootsploit) |
| 2026-04-17 | Recon | Naabu Zero to Hero Guide (Cyber Aryan) | Naabu Zero to Hero Guide (Cyber Aryan) |
| 2026-04-17 | Recon | Mastering Network Scanning: Nmap and Masscan Guide | Mastering Network Scanning: Nmap and Masscan Guide |
| 2026-04-17 | Recon | Naabu Cheat Sheet: Commands & Examples (HighOn.Coffee) | Naabu Cheat Sheet: Commands & Examples (HighOn.Coffee) |
| 2026-04-17 | Recon | naabu: Fast Go port scanner (ProjectDiscovery) | naabu: Fast Go port scanner (ProjectDiscovery) |
| 2026-04-17 | Recon | Recon series #4: Port scanning methods (YesWeHack) | Recon series #4: Port scanning methods (YesWeHack) |
| 2026-04-17 | Recon | bountyRecon: Bash automation for bug bounty recon | bountyRecon: Bash automation for bug bounty recon |
| 2026-04-17 | Recon | JSFScan.sh: JavaScript recon automation (KathanP19) | JSFScan.sh: JavaScript recon automation (KathanP19) |
| 2026-04-17 | Recon | Reconky: Content discovery bash script | Reconky: Content discovery bash script |
| 2026-04-17 | Recon | Bug-Bounty-Automation: Bash recon (Retr0-45809) | Bug-Bounty-Automation: Bash recon (Retr0-45809) |
| 2026-04-17 | Recon | Recon-Script: automation with Nuclei (s1d6point7bugcrowd) | Recon-Script: automation with Nuclei (s1d6point7bugcrowd) |
| 2026-04-17 | Recon | Bug-Bounty-Recon-Automation shell script (Amangupta1234) | Bug-Bounty-Recon-Automation shell script (Amangupta1234) |
| 2026-04-17 | Deserialization | CVE-2023-34040: Spring-Kafka Java Deserialization | CVE-2023-34040: Spring-Kafka Java Deserialization |
| 2026-04-17 | Deserialization | Apache Struts vulnerability leads to RCE | Apache Struts vulnerability leads to RCE |
| 2026-04-17 | Deserialization | Jackson deserialization vulnerability exploit (3 gadgets, GitHub) | Jackson deserialization vulnerability exploit (3 gadgets, GitHub) |
| 2026-04-17 | Deserialization | Apache Struts2 Code Execution Exploit (Infopercept) | Apache Struts2 Code Execution Exploit (Infopercept) |
| 2026-04-17 | Deserialization | Spring-web Java Deserialization: CVE-2016-1000027 (Contrast) | Spring-web Java Deserialization: CVE-2016-1000027 (Contrast) |
| 2026-04-17 | Deserialization | Exploiting Apache Struts: Writing Better Detections (Gigamon) | Exploiting Apache Struts: Writing Better Detections (Gigamon) |
| 2026-04-17 | Deserialization | Friday the 13th JSON Attacks (Black Hat) | Friday the 13th JSON Attacks (Black Hat) |
| 2026-04-17 | Deserialization | PayloadsAllTheThings: Insecure Deserialization DotNET | PayloadsAllTheThings: Insecure Deserialization DotNET |
| 2026-04-17 | Deserialization | Basic .Net deserialization ObjectDataProvider gadget (HackTricks) | Basic .Net deserialization ObjectDataProvider gadget (HackTricks) |
| 2026-04-17 | Deserialization | Python-Pickle-RCE-Exploit + vulnerable Flask App (GitHub) | Python-Pickle-RCE-Exploit + vulnerable Flask App (GitHub) |
| 2026-04-17 | Deserialization | SOUR PICKLE: Insecure Deserialization with Python Pickle | SOUR PICKLE: Insecure Deserialization with Python Pickle |
| 2026-04-17 | Deserialization | PayloadsAllTheThings: Insecure Deserialization Python | PayloadsAllTheThings: Insecure Deserialization Python |
| 2026-04-17 | Deserialization | Pickle Code Execution Exploitation (Dhound) | Pickle Code Execution Exploitation (Dhound) |
| 2026-04-17 | Deserialization | Python-socketio: Pickle deserialization RCE advisory | Python-socketio: Pickle deserialization RCE advisory |
| 2026-04-17 | Deserialization | Exploiting deserialization in recent Java versions (OWASP Stuttgart) | Exploiting deserialization in recent Java versions (OWASP Stuttgart) |
| 2026-04-17 | Deserialization | Automated Discovery of Deserialization Gadget Chains (Black Hat) | Automated Discovery of Deserialization Gadget Chains (Black Hat) |
| 2026-04-17 | Deserialization | Prevent insecure deserialization attacks (Veracode) | Prevent insecure deserialization attacks (Veracode) |
| 2026-04-17 | Deserialization | Understanding Insecure Deserialization: Risks and Mitigations | Understanding Insecure Deserialization: Risks and Mitigations |
| 2026-04-17 | Deserialization | Bug Bounty Hunting: Insecure Deserialization | Bug Bounty Hunting: Insecure Deserialization |
| 2026-04-17 | Deserialization | Insecure Deserialization - Attack Technique (vuln.today) | Insecure Deserialization - Attack Technique (vuln.today) |
| 2026-04-17 | Supply Chain | Closing the Chain: How to reduce SolarWinds/Log4j/XZ risk (arXiv) | Closing the Chain: How to reduce SolarWinds/Log4j/XZ risk (arXiv) |
| 2026-04-17 | Supply Chain | SolarWinds Supply Chain Attack (Fortinet) | SolarWinds Supply Chain Attack (Fortinet) |
| 2026-04-17 | Supply Chain | ossf/malicious-packages: Reports of malicious open source packages | ossf/malicious-packages: Reports of malicious open source packages |
| 2026-04-17 | Supply Chain | 5 Examples of Dependency Confusion Attacks (Spectral) | 5 Examples of Dependency Confusion Attacks (Spectral) |
| 2026-04-17 | Supply Chain | What Is a Dependency Confusion Attack? (Aqua Security) | What Is a Dependency Confusion Attack? (Aqua Security) |
| 2026-04-17 | Supply Chain | Defender's Perspective: Dep Confusion and Typosquatting (SLSA) | Defender's Perspective: Dep Confusion and Typosquatting (SLSA) |
| 2026-04-17 | Supply Chain | SBOMs in 2026: Some Love, Some Hate, Much Ambivalence | SBOMs in 2026: Some Love, Some Hate, Much Ambivalence |
| 2026-04-17 | Supply Chain | Software Bill of Materials (SBOM) (CISA) | Software Bill of Materials (SBOM) (CISA) |
| 2026-04-17 | Supply Chain | About SLSA (spec v1.2) | About SLSA (spec v1.2) |
| 2026-04-17 | Supply Chain | What is a Software Bill of Materials (SBOM)? (Snyk) | What is a Software Bill of Materials (SBOM)? (Snyk) |
| 2026-04-17 | Supply Chain | SBOM Literature Review (arXiv) | SBOM Literature Review (arXiv) |
| 2026-04-17 | Supply Chain | SBOM + SLSA: Accelerating SBOM success with SLSA | SBOM + SLSA: Accelerating SBOM success with SLSA |
| 2026-04-17 | Supply Chain | SLSA - Comprehensive Approach to Supply Chain Security (SBOM Observer) | SLSA - Comprehensive Approach to Supply Chain Security (SBOM Observer) |
| 2026-04-17 | Supply Chain | Understanding SBOM: Transparency & Security in Supply Chains (Cycode) | Understanding SBOM: Transparency & Security in Supply Chains (Cycode) |
| 2026-04-17 | Supply Chain | What We Know About the NPM Supply Chain Attack (Trend Micro) | What We Know About the NPM Supply Chain Attack (Trend Micro) |
| 2026-04-17 | Supply Chain | New Supply Chain Malware Operation Hits npm and PyPI | New Supply Chain Malware Operation Hits npm and PyPI |
| 2026-04-17 | Supply Chain | npm Supply Chain Attack: Debug, Chalk + 16 Packages Compromise (Upwind) | npm Supply Chain Attack: Debug, Chalk + 16 Packages Compromise (Upwind) |
| 2026-04-17 | Supply Chain | Malicious PyPI, npm, Ruby Packages Exposed (The Hacker News) | Malicious PyPI, npm, Ruby Packages Exposed (The Hacker News) |
| 2026-04-17 | Supply Chain | A Closer Look at Software Supply Chain Attacks 2025 (Xygeni) | A Closer Look at Software Supply Chain Attacks 2025 (Xygeni) |
| 2026-04-17 | IDOR | From Reset to Takeover: IDOR in Password Recovery Systems | From Reset to Takeover: IDOR in Password Recovery Systems |