SAML roulette: the hacker always wins
Introduction In this post, we’ll show precisely how to chain round-trip attacks and namespace confusion to achieve unauthenticated admin access on GitLab Enterprise by exploiting the ruby-saml libr...
The Definitive Guide on How to Use LLMs to Write Better Code, Beyond the Hook: A Deep Dive into the Latest Phishing Tricks, Exploiting Hidden Parameters in YouTube
We’re diving into Single Page Applications (SPAs) and how to attack them. We also cover a host of news items, including some bug write-ups, AI updates, and a new tool called Hackadvisor.
Mastering Personal Productivity, Portswigger Top 10 Web Security Research, Cursor’s AI Infrastructure, and Finding Joy in Work.
We’re breaking down some of the best takeaways from PortSwigger’s Top 10 of 2024. There are some bangers in here!
Discover critical AI app vulnerabilities & how to prevent them. Plus, a deep dive into an RCE flaw affecting millions, a malicious VS Code theme, and Karpathy’s insights on maximizing LLM perfo...
We’ve got Monke breaking down some of his cool bug chains, some fresh WebSockets research ideas, a bunch of AI news, prompt injection research and some newsletters. Check it out below.
TL;DR Some of the wisdom contained in Josh Bloch’s Effective Java book is relevant to Go. panic and recover are best reserved for exceptional circumstances. Reliance on panic and recover can noti...
AI Engineer Summit talks, Stop Using Cursor AI Like a Search Engine, 3 SSRFs in Azure DevOps, Obsidian is Free for Work, Triage System for Time Management
In this episode Justin interviews Kévin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kévin’s research, highlighting things like Dangerous a...