appsec.fyi · Sources

techgig.com

5 curated AppSec resources from techgig.com across 3 topics on appsec.fyi.

techgig.com

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-07-17.

Date Added Resource Excerpt
2026-07-17 2026Intruder's AI pipeline automates zero-day vulnerability discoverySQLiLibrary employing LLMs and Joern for automated zero-day vulnerability discovery and exploitation, including program slicing to address the 'focus problem' in large codebases. This pipeline recently identified CVE-2026-3985, a SQL injection in the WordPress Creative Mail plugin, demonstrating fully automated exploitation without human input, signaling a need for security teams to adapt to AI-driven threats.
2026-06-19 2026Microsoft AntiSSRF Library Blocks Server-Side Request ForgerySSRFLibrary that validates URLs and network connections for .NET and Node.js applications, mitigating server-side request forgery (SSRF) risks. AntiSSRF acts as a drop-in component, checking untrusted input against policies that can define allowed/denied addresses, block plain-text HTTP, and enforce header requirements, preventing data leakage, service disruption, and remote code execution.
2026-06-15 2026Spring Boot 4.1 Adds gRPC Auto-Configuration SSRF MitigationSSRFLibrary update Spring Boot 4.1 introduces gRPC auto-configuration for both server and client, alongside HTTP-client SSRF mitigation via an `InetAddressFilter` for enhanced security. It also upgrades Kotlin to 2.3, adds lazy datasource connections for faster startup, and improves OpenTelemetry support. Dependency updates include Micrometer 1.17, Reactor 2025.0.6, and gRPC Java 1.80.0.
2026-06-10 2026OpenSSL patches critical vulnerability enabling remote code executionRCELibrary patches address 18 vulnerabilities, including critical CVE-2026-45447, a heap user-after-free bug in PKCS#7 verification that can lead to remote code execution. Moderate flaws allow decryption and forgery, with one bypassing authentication via fake certificates. Low-severity issues also resolved, impacting DoS and private key security.
2026-05-25 2026Ghost CMS Users Under Attack: Why Developers Must Act FastSQLiWriteup on CVE-2026-26980, an actively exploited SQL injection vulnerability in Ghost CMS, impacting over 700 domains. Attackers leverage this flaw, combined with ClickFix social engineering tactics, to steal admin API keys and inject JavaScript. Mitigation involves upgrading to Ghost 6.19.1, rotating keys, auditing admin access, monitoring server logs, and training teams against suspicious prompts.