A very interesting list of exploitable "features" in PDFs.
https://web-in-security.blogspot.com/2021...
Read More
Breakdown of a malicious app that man-in-the-middled the Google Signin.
https://blog.usejournal.com/...
Read More
Hey, welcome back from holidays. Quite a week it has been.
PortSwigger has a really goo...
Read More
So, hey, yeah, how are all of you? Clearly SolarWinds has completely overwhelmed the news this...
Read More
There is a potential new addition to DNS security, which is sorely needed.
https://blog.cloudflare.c...
Read More
Once a week or so, someone calls and asks for OWASP Top 10 testing. I have to make the call on...
Read More
An astonishingly well-written article by Google Project Zero on a vulnerability in iPhone's proximit...
Read More
Back in 2018, I wrote about Insecure Binary Deserialization, and I'd like to give an update. Origina...
Read More
Three tools this week. Pretty cool.
Check your S3 bucket permissions:
https://github.co...
Read More
Troy Hunt has another one of his awesome data breach breakdowns. Lots to be learned here.
Troy...
Read More
PortSwigger has a really nice new release - update now! Community and Pro.
https://portswigger.net/b...
Read More
Compass Security built a really nice Burp plugin that helps with the reporting of findings by copyin...
Read More