Soroush Dalili (@irsdl)'s Twitter Profile
Soroush Dalili

@irsdl

Hacker (ethical), web appsec specialist, trainer, tools builder & apps breaker, @SecProjectLtd founder 🕸️BurpSuite.Ninja🥷 🍏A dad-joke maker🍐

ID: 64089109

Link: https://soroush.me/ | Joined: 09-08-2009 02:08:21

12.12K Tweets

19.19K Followers

896 Following

Trend Zero Day Initiative (@thezdi):

We've managed to make it through hacker summer camp, and #Microsoft and #Adobe survived enough to deliver their latest security patches. Join The Dustin Childs as he breaks down another large Patch Tuesday release. zerodayinitiative.com/blog/2025/8/12…

Web Security Academy (@websecacademy):

How to manually check for CL.TE Request Smuggling Vulnerabilities:
1️⃣ See if a GET request accepts POST
2️⃣ See if it accepts HTTP/1
3️⃣ Disable "Update Content-Length"
4️⃣ Send with CL & TE headers:

POST / HTTP/1.1
Host: <HOST-URL>
Content-Length: 6
Transfer-Encoding: chunked

0
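The probe above only works when a front end accepts a request that carries both Content-Length and Transfer-Encoding. As an added example (not from the tweet or from PortSwigger), this is the check a reverse proxy or WAF should apply before forwarding: it parses the raw request head and rejects ambiguous framing, going slightly beyond the tweet's CL+TE case to also cover conflicting Content-Length values and a Transfer-Encoding whose final coding is not chunked. The sample requests are constructed; example.com stands in for the tweet's <HOST-URL>.

```python
# Added example, not code from the tweet: a front-end side framing check.
# RFC 9112 sections 6.1 and 6.3 describe a request with both Content-Length
# and Transfer-Encoding as a request-smuggling risk that a server may reject.

def parse_head(raw: bytes):
    """Split a raw HTTP/1.x request into (request_line, [(name, value), ...]).
    Header names are lower-cased; values are stripped of surrounding space."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def framing_verdict(raw: bytes) -> str:
    """Return 'reject' when body framing is ambiguous, otherwise 'ok'.

    Rejected cases (generalised beyond the tweet's CL+TE probe):
      * Content-Length and Transfer-Encoding both present
      * more than one Content-Length header with differing values
      * a Transfer-Encoding whose final coding is not 'chunked'
    """
    _request_line, headers = parse_head(raw)
    cl = [v for n, v in headers if n == "content-length"]
    te = [v for n, v in headers if n == "transfer-encoding"]
    if cl and te:
        return "reject"          # the CL.TE / TE.CL precondition
    if len(set(cl)) > 1:
        return "reject"          # two parsers could pick different lengths
    if te:
        codings = [c.strip().lower() for c in ",".join(te).split(",")]
        if codings[-1] != "chunked":
            return "reject"      # body length would be undeterminable
    return "ok"


# Constructed sample inputs; example.com stands in for the tweet's <HOST-URL>.
PROBE = (b"POST / HTTP/1.1\r\nHost: example.com\r\n"
         b"Content-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
CLEAN = (b"POST / HTTP/1.1\r\nHost: example.com\r\n"
         b"Content-Length: 2\r\n\r\nok")

if __name__ == "__main__":
    print("probe:", framing_verdict(PROBE))  # reject
    print("clean:", framing_verdict(CLEAN))  # ok
```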

Critical Thinking - Bug Bounty Podcast (@ctbbpodcast):

New episode is out! - youtu.be/rr5VvMx4dT0 In this episode Justin sits down with Ryan Barnett (B0N3) for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEFCON, and get his perspective on bug hunting from his time at Akamai.

Soroush Dalili (@irsdl):

This blog post by Parsia Hakimian explains How Burp AI Works at the moment (from user's perspective)! If you are interested in this topic, definitely give this a read. We should have room to anonymize data etc. as well but it might just be easier for the time being to do the AI

Soroush Dalili (@irsdl):

If I hire all great bug bounty folks to work using 1 account, my score would have been more than double! If I then convince Nagli to use automation on all h1 programs while working for me then my score would be through the roof! Yeah, take that AI, only if I had that much

Defused (@defusedcyber):

Mass exploitation of CVE-2025-25257 from 196.75.238.72 🇲🇦 (FortiWeb critical pre-auth SQL injection)

VT Detections: 0/94

Payload:
GET /api/fabric/device/status HTTP/1.1
Host: xxxxxx
User-Agent: python-requests/2.32.4
Accept-Encoding: gzip, deflate, br, zstd
Accept: */*

Gareth Heyes (@garethheyes):

I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style attributes! Learn how below: portswigger.net/research/inlin…
