Abdulrahman Alqabandi (@qab)'s Twitter Profile
Abdulrahman Alqabandi

@qab

Security researcher @MicrosoftEdge

ID: 15752350

Link: http://leucosite.com/ · Date: 06-08-2008 17:09:43

2,2K Tweet

6,6K Followers

954 Following

Royal Hansen (@royalhansen):

"This blog post aims to provide a detailed blueprint for how Google has created and deployed a high-assurance web framework that almost completely eliminates exploitable web vulnerabilities." bughunters.google.com/blog/664431627…

عماش (@ammashdev):

Finally, development of the children's game ثعلوب is finished. It was a journey full of challenge and learning, and now the journey is complete and the game is in your hands on the mobile app stores. The game is completely free and contains no ads, so it is very safe for children. I hope you will support it by sharing; this is what makes me able to

XBOW (@xbow):

XBOW automatically runs expert-level attacks across all webapps, giving security teams unprecedented scale. @XBOW reported 1092 vulnerabilities on HackerOne in just a few months, including RCE, XXE, SQLi, SSRF, exposed secrets, and XSS.

عماش (@ammashdev):

Welcome to the e-gaming expo event at The Avenues, from 2025-8-1 to 2025-8-3. I am taking part with the children's game ثعلوب (it will be in the morning slot from 10 AM to 12 PM) on Saturday and Sunday, and I am also taking part with the game المفتاح المفقود (The Lost Key) (in the evening slot from 8 PM) throughout the days of the event.

s1r1us (@s1r1u5_):

Securing Gumroad with Hacktron AI Three months ago, Hacktron was still early. Hacktron AI and Harsh Jaiswal were finding 0-days targeting specific vulnerabilities on OSS software. Then we ran a full pentest-style scan on a big open-source project. The results were insane. 🧵

Rana Khalil 🇵🇸 (@rana__khalil):

🎉 New Course Alert + Giveaway! 🎉 I'm excited to announce a brand-new course on Rana Khalil's Academy - OAuth 2.0 Vulnerabilities. This course includes: 📚 A technical deep dive into OAuth 2.0 and OpenID Connect: what they are, how they work, the common pitfalls in

FFmpeg (@ffmpeg):

Arguably the most brilliant engineer in FFmpeg left because of this. He reverse engineered dozens of codecs by hand as a volunteer. Then security "researchers" and corporate employees came along repeatedly insisted "critical" security issues were fixed immediately waving their

GLADIA Research Lab (@gladialab):

LLMs are injective and invertible. In our new paper, we show that different prompts always map to different embeddings, and this property can be used to recover input tokens from individual embeddings in latent space. (1/6)

Brian in Pittsburgh (@arekfurt):

The sandbox escape vulnerability described by Kaspersky here is quite interesting. Especially in that the technical root cause of the issue bit both Chromium and FireFox developers. Other Windows apps along with OS components might well have similar vulnerabilities.

Windows Latest (@windowslatest):

Meta is replacing WhatsApp's full-fledged native Windows 11 app with a Chromium-based web wrapper that loads WhatsApp web in a container. This is likely due to recent layoffs. Meta won't directly admit that it's killing off the original WhatsApp app for Windows 11, but a new

jro (@junr0n):

I bypassed user approvals and achieved RCE in VS Code Copilot by flipping 4 bits. Find out how: jro.sg/CVEs/copilot/ Thanks to Microsoft Security Response Center for rapidly triaging and patching this vulnerability.

The Lunduke Journal (@lundukejournal):

Multiple, serious security vulnerabilities found in the Rust clone of Sudo — which shipped with Ubuntu 25.10 (the most recent release). Not little vulnerabilities: We’re talking about the disclosure of passwords and total bypassing of authentication. In fact, we’re getting new
