However, the requirement for this vulnerability to be exploitable is unlikely, which fairly reduces its impact. If your Next.js application fetches a third-party website server-side, I recommend upgrading to the latest version! github.com/vercel/next.js…

New blog out! Think XSS is a thing of the past with today's Web frameworks? Think again! Our new article by canalun breaks down why this vulnerability persists and offers insights on how to stay secure. Read it here! flatt.tech/research/posts…

Why XSS Persists in This Frameworks Era? an interesting analysis by canalun flatt.tech/research/posts…

I reported an arbitrary code execution in Unity Runtime, which affects all versions starting from Unity 2017.1. As the vulnerability can be exploited without specific usage, I strongly encourage developers to patch. Technical details below: flatt.tech/research/posts…

Our researcher RyotaK RyotaK found an Arbitrary Code Execution vulnerability in the Unity Runtime (CVE-2025-59489). We urge all Unity developers to download updated versions, recompile their projects, and republish immediately. flatt.tech/research/posts…

Our Co-CTO 父 and our pentesting AI agent, Takumi, have discovered arbitrary code execution vulnerabilities in 7-Zip. CVE-2025-11001: zerodayinitiative.com/advisories/ZDI… CVE-2025-11002: zerodayinitiative.com/advisories/ZDI… Please refer to the advisories and take appropriate measures.