New video! XSS like you’ve never seen before youtube.com/watch?v=RLyhPG… Huge thanks to Matan Berson

CVE-2025-30466: Safari <18.4 UXSS to bypass Same-Origin Policy with CVSS of Critical 9.8 🔴 ;) support.apple.com/en-us/122379#:…

IP whitelisting is fundamentally broken. At Assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: github.com/assetnote/newt…

I won the Most Valuable Hacker award for the Salesforce H1-6102 live hacking event in Sydney (my hometown)! I enjoyed working with some very talented hackers, including RyotaK, Geluchat, and Kévin GERVOT (Mizu). This is my third MVH award, and I'm grateful to be able to compete.

I'm thrilled to announce "HTTP/1 Must Die! The Desync Endgame" is coming to #DEFCON33! This talk will feature multiple new classes of desync attack, mass exploitation spanning multiple CDNs, and over $200k in bug bounties. See you there!

SQL Injection despite using prepared statements? 🧐 Turns out that SQL syntax can be ambiguous! Learn how this has led to vulnerabilities in several popular PostgreSQL client libraries: sonarsource.com/blog/double-da… #appsec #security #vulnerability

2 AM in a Tokyo hotel room: Assetnote x Depi find a Dependency Confusion vuln that lands RCE on Netflix ! 🚀 Shout-out to shubs for the "keep digging" spark & Netflix security for stellar triage. Full write-up in thread 🧵

> Fixed escaping < and > when serializing HTML attribute values. (295149@main) (150520333) 🥺🥺🥺

🚨 Heads up for web devs! 🚨 The HTML spec just got an important update to protect against mutation XSS (mXSS). Find out how escaping < and > in attributes is making the web a safer place. bughunters.google.com/blog/503874286…

Congrats to these award winners for their innovation, collaboration, and relentless pursuit of impact. 🔥 Most Valuable Hacker | Top Criticality, Community, & Consistency of the event >>WINNER: shubs 🕷️ Exterminator | Best/most Impactful bug of the event >>WINNERS:

👀

Hacking Windsurf: I asked the AI for the shell, it said yes. new video’s out. I show how I could’ve hacked you… just by getting you to click my link. Link posted below.

My new research Escalation of Self-XSS to XSS using modern browser capabilities. blog.slonser.info/posts/make-sel…

Place LeHack à vendre si quelqu'un en cherche 👀 (pour le prix on s'arrange)

"Funky chunks: abusing ambiguous chunk line terminators for request smuggling" - quality research by Jeppe Weikop! Also thankfully it doesn't overlap with my upcoming presentation 😅 w4ke.info/2025/06/18/fun…

If you love client-side challenges, I highly recommend checking this one out! I'm sure you'll learn something new, amazing challenge by ToG 🔥

How do we turn bad SSRF (blind) into good SSRF (full response)? The Assetnote Security Research team at Searchlight Cyber used a novel technique involving HTTP redirect loops and incremental status codes that leaked the full HTTP resp. It may work elsewhere! slcyber.io/assetnote-secu…

lightyear just got 6 times faster! Although I now work at Synacktiv, I proposed a PR for the tool to support threading and compression, greatly reducing the time required to dump a file. Dumping the demo /etc/passwd now takes 48s instead of 5m30. github.com/ambionics/ligh…

This weekend, for the Midnight Flag CTF final, I created a web challenge called JavaNote, which asked players to modify the ysoserial tool to do something other than execute a command, you can read the write-up here: worty.fr/post/writeups/… Congratulations again to all the players!

Profundis.io is live! Quickly uncover DNS records, subdomains, hosts, and their historical data directly via your browser. No noise, just the data you need for asset discovery and security research. Explore now: profundis.io