This week we added 883 new resources across 25 topics on appsec.fyi.

Trending this week: IDOR, SSRF, Burp Suite, AI, Fuzzing

---

Term of the week: Command Injection

When user input gets concatenated into a shell command. The semicolon, pipe, and backtick are your friends: ; cat /etc/passwd. Usually found in features that interact with the OS — ping utilities, file processors, PDF generators. The fix is to avoid shell execution entirely and use language-level APIs instead.

Browse the full glossary

---

SSRF (+106)

• Flowise is affected by a Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-31829) in its HTTP Node potentially allowing internal network access. Investigate network segmentation and outbound request filtering. #Flowise #SSRF #infosec pulsepatch.io/posts/cve-2026 Flowise is affected by a Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-31829) in its HTTP Node, potentially allowing internal network access. Investigate network segmentation and outbou...

• Gus March-Phillipps led the SSRF into the darkness with nerves of steel. Gone but not forgotten RiP Warriors. Come follow in their footsteps. soeexpeditions.com soeexpeditions.com/ssrf-jersey-1 #ssrf #anderslassen #commando #ww2 pic.x.com/79jvm5XRbx Gus March-Phillipps led the SSRF into the darkness with nerves of steel. Gone but not forgotten RiP Warriors. Come follow in their footsteps. soeexpeditions.com soeexpeditions.com/ssrf-jersey-1 #ssrf ...

• A NO_PROXY hostname normalization bypass (CVE-2025-62718) in Axios could lead to SSRF. Implement strict input validation and monitor for patches. #Axios #SSRF #infosec pulsepatch.io/posts/cve-2025 A NO_PROXY hostname normalization bypass (CVE-2025-62718) in Axios could lead to SSRF. Implement strict input validation and monitor for patches. #Axios #SSRF #infosec pulsepatch.io/posts/cve-2025… ...

• Anders Lassen: Legend of the SSRF. Every mission was a dance with destiny in the Channel Islands. Gone but not forgotten RiP Warriors. Walk in their footsteps: soeexpeditions.com/ssrf-jersey-1 soeexpeditions.com #ssrf #anderslassen #commando #ww2 pic.x.com/580HdJZaJt Anders Lassen: Legend of the SSRF. Every mission was a dance with destiny in the Channel Islands. Gone but not forgotten RiP Warriors. Walk in their footsteps: soeexpeditions.com/ssrf-jersey-1 soeexpe...

• HackerOne: SSRF in Exchange Leads to ROOT (Shopify) HackerOne: SSRF in Exchange Leads to ROOT (Shopify)

• DEF CON 27: Owning the Clout Through SSRF and PDF Generators DEF CON 27: Owning the Clout Through SSRF and PDF Generators

• PentesterLab: SSRF in PDF Generation PentesterLab: SSRF in PDF Generation

• The Ultimate Sink for SSRFs: HTML To PDF Converters The Ultimate Sink for SSRFs: HTML To PDF Converters

• SSRF to LFI Payload for PDF Generators (CVE-2024-34112) SSRF to LFI Payload for PDF Generators (CVE-2024-34112)

• Exploiting PDF Generators: Complete Guide to SSRF Exploiting PDF Generators: Complete Guide to SSRF

• Mastering SSRF: Ultra-Extensive Guide Mastering SSRF: Ultra-Extensive Guide

• Metabadger: Prevent SSRF via Automated IMDSv2 Upgrades Metabadger: Prevent SSRF via Automated IMDSv2 Upgrades

• How to Use IMDSv2 for Secure Instance Metadata Access How to Use IMDSv2 for Secure Instance Metadata Access

• SSRF Cheat Sheet 2025: Exploits, Defenses & Case Studies SSRF Cheat Sheet 2025: Exploits, Defenses & Case Studies

• AWS Defense in Depth Against SSRF with EC2 IMDS AWS Defense in Depth Against SSRF with EC2 IMDS

• CVE-2025-51591: SSRF Exploit Targets AWS Instance Metadata Service CVE-2025-51591: SSRF Exploit Targets AWS Instance Metadata Service

• Cloud Penetration Testing: AWS, Azure & GCP Guide (2026) Cloud Penetration Testing: AWS, Azure & GCP Guide (2026)

• GCP SSRF on Action Hub Extension - Tenable GCP SSRF on Action Hub Extension - Tenable

• SSRF Exposes Data of Technology, Industrial and Media Organizations SSRF Exposes Data of Technology, Industrial and Media Organizations

• SSRF in the Kubernetes World - Kubernetes Goat SSRF in the Kubernetes World - Kubernetes Goat

• Exploiting SSRF in Cloud-Only Environments: A Deep Dive Exploiting SSRF in Cloud-Only Environments: A Deep Dive

• Private IP Addresses Deep Dive: Security Risks, SSRF, and Exploitation Private IP Addresses Deep Dive: Security Risks, SSRF, and Exploitation

• FastGPT Critical SSRF via Unauthenticated HTTP Proxy Endpoint FastGPT Critical SSRF via Unauthenticated HTTP Proxy Endpoint

• CVE-2026-35572: SSRF in ChurchCRM CVE-2026-35572: SSRF in ChurchCRM

• CVE-2026-34936: SSRF in PraisonAI CVE-2026-34936: SSRF in PraisonAI

• CVE-2026-39368: SSRF in WWBN AVideo CVE-2026-39368: SSRF in WWBN AVideo

• CVE-2026-33182: SSRF in Saloon PHP Library CVE-2026-33182: SSRF in Saloon PHP Library

• CVE-2026-30832: Critical SSRF in Soft Serve CVE-2026-30832: Critical SSRF in Soft Serve

• Blind SSRF with Burp Collaborator Blind SSRF with Burp Collaborator

• Blind SSRF with Shellshock Exploitation Blind SSRF with Shellshock Exploitation

• Mastering Blind SSRF Detection With Burp Suite Mastering Blind SSRF Detection With Burp Suite

• Testing for Blind SSRF with Burp Suite Testing for Blind SSRF with Burp Suite

• Blind SSRF Lab: Out-of-Band Detection Blind SSRF Lab: Out-of-Band Detection

• Blind SSRF Vulnerabilities - PortSwigger Blind SSRF Vulnerabilities - PortSwigger

• Uncovering Blind SSRF Using Burp Collaborator Uncovering Blind SSRF Using Burp Collaborator

• How SSRF Leads to RCE in a .NET Application How SSRF Leads to RCE in a .NET Application

• From SSRF to RCE: A 7-Step Chain Against PostHog From SSRF to RCE: A 7-Step Chain Against PostHog

• MCPwnfluence: SSRF to RCE in Atlassian MCP Server (Pluto Security) MCPwnfluence: SSRF to RCE in Atlassian MCP Server (Pluto Security)

• Blind SSRF to RCE Vulnerability Exploitation Blind SSRF to RCE Vulnerability Exploitation

• SSRF: From Ping to RCE SSRF: From Ping to RCE

• MCPwnfluence: Critical SSRF to RCE in mcp-atlassian (Pluto Security) MCPwnfluence: Critical SSRF to RCE in mcp-atlassian (Pluto Security)

• MindsDB: Bypass SSRF Protection with DNS Rebinding MindsDB: Bypass SSRF Protection with DNS Rebinding

• CVE-2026-27127: Weaponizing DNS Rebinding to Bypass SSRF Filters in Craft CMS CVE-2026-27127: Weaponizing DNS Rebinding to Bypass SSRF Filters in Craft CMS

• Bypassing SSRF Protection in nossrf: When Safeguards Become Loopholes Bypassing SSRF Protection in nossrf: When Safeguards Become Loopholes

• Using DNS To Bypass SSRF Protections Using DNS To Bypass SSRF Protections

• CVE-2026-27127: Craft CMS Cloud Metadata SSRF via DNS Rebinding CVE-2026-27127: Craft CMS Cloud Metadata SSRF via DNS Rebinding

• HackerOne: SSRF Mitigation Bypass Using DNS Rebind Attack HackerOne: SSRF Mitigation Bypass Using DNS Rebind Attack

• SSRF with DNS Rebinding - Clear Gate SSRF with DNS Rebinding - Clear Gate

• Bypass SSRF with DNS Rebinding Bypass SSRF with DNS Rebinding

• Meta Bug Bounty: SSRF Payout Guidelines Meta Bug Bounty: SSRF Payout Guidelines

• HackerOne: SSRF in Search.gov via URL Parameter HackerOne: SSRF in Search.gov via URL Parameter

• SSRF Worth $4,913: My Highest Bounty Ever SSRF Worth $4,913: My Highest Bounty Ever

• Bug Bounty Write-up: From SSRF to $4000 Bug Bounty Write-up: From SSRF to $4000

• HackerOne: SSRF via Analytics Reports HackerOne: SSRF via Analytics Reports

• Exploit SSRF to Gain AWS Credentials Exploit SSRF to Gain AWS Credentials

• SSRF Exploitation: How Attackers Bypass Filters & Access Cloud Metadata SSRF Exploitation: How Attackers Bypass Filters & Access Cloud Metadata

• Hackers Exploit SSRF in EC2 to Steal AWS Credentials Hackers Exploit SSRF in EC2 to Steal AWS Credentials

• SSRF Explained: Attack Techniques and Real-World Exploits SSRF Explained: Attack Techniques and Real-World Exploits

• Campaign Targets Amazon EC2 Instance Metadata via SSRF Campaign Targets Amazon EC2 Instance Metadata via SSRF

• Steal EC2 Metadata Credentials via SSRF Steal EC2 Metadata Credentials via SSRF

• SSRF in Cloud Environments: Exploiting AWS Metadata Services SSRF in Cloud Environments: Exploiting AWS Metadata Services

• SSRF to AWS Metadata Exposure: How Attackers Steal Cloud Credentials SSRF to AWS Metadata Exposure: How Attackers Steal Cloud Credentials

• CVE-2026-34981: SSRF in whisperX-FastAPI CVE-2026-34981: SSRF in whisperX-FastAPI

• Grafana CVE-2025-4123: Full Read SSRF & Account Takeover Grafana CVE-2025-4123: Full Read SSRF & Account Takeover

• Securing Agentic AI & MCP from SSRF and Injection Securing Agentic AI & MCP from SSRF and Injection

• Blind SSRF into Internal Port Scanning Blind SSRF into Internal Port Scanning

• From SSRF to Port Scanner From SSRF to Port Scanner

• High-Severity Spring Cloud Config Flaw Triggers File Leaks and SSRF High-Severity Spring Cloud Config Flaw Triggers File Leaks and SSRF

• Spring Cloud Config SSRF via Profile Substitution (CVE-2026-22739) Spring Cloud Config SSRF via Profile Substitution (CVE-2026-22739)

• CVE-2026-27825 Explained: Unauthenticated RCE in Atlassian MCP Servers CVE-2026-27825 Explained: Unauthenticated RCE in Atlassian MCP Servers

• MCP Security 2026: 30 CVEs in 60 Days MCP Security 2026: 30 CVEs in 60 Days

• Exploitation of an SSRF Vulnerability Against EC2 IMDSv2 Exploitation of an SSRF Vulnerability Against EC2 IMDSv2

• How SSRF Exploits IMDSv2 Limitations in AWS How SSRF Exploits IMDSv2 Limitations in AWS

• FastMCP SSRF & Path Traversal via OpenAPI Provider (CVE-2026-32871) FastMCP SSRF & Path Traversal via OpenAPI Provider (CVE-2026-32871)

• Docker Model Runner SSRF in OCI Registry (CVE-2026-33990) Docker Model Runner SSRF in OCI Registry (CVE-2026-33990)

• AVideo SSRF Protection Bypass via Extension Allowlist (CVE-2026-39370) AVideo SSRF Protection Bypass via Extension Allowlist (CVE-2026-39370)

• AVideo Stored SSRF via Live Restream Log Callback (CVE-2026-39368) AVideo Stored SSRF via Live Restream Log Callback (CVE-2026-39368)

• mcp-from-openapi SSRF via $ref Dereferencing (CVE-2026-39885) mcp-from-openapi SSRF via $ref Dereferencing (CVE-2026-39885)

• Directus SSRF Bypass via IPv4-Mapped IPv6 Addresses (CVE-2026-35409) Directus SSRF Bypass via IPv4-Mapped IPv6 Addresses (CVE-2026-35409)

• Payload CMS Authenticated SSRF via Upload (CVE-2026-34746) Payload CMS Authenticated SSRF via Upload (CVE-2026-34746)

• Server-Side Request Forgery (SSRF) Complete Guide (2026) Server-Side Request Forgery (SSRF) Complete Guide (2026)

• Auditing and Mitigating Axios SSRF in Kubernetes (CVE-2025-27152) Auditing and Mitigating Axios SSRF in Kubernetes (CVE-2025-27152)

• Advanced Techniques for Exploiting SSRF Vulnerabilities Advanced Techniques for Exploiting SSRF Vulnerabilities

• WordPress Webmention Plugin SSRF (CVE-2026-0688) WordPress Webmention Plugin SSRF (CVE-2026-0688)

• Understanding SSRF: How Hackers Turn Your Server Into a Secret Proxy Understanding SSRF: How Hackers Turn Your Server Into a Secret Proxy

• GitLab CVE-2025-6454: SSRF via Webhook Custom Headers GitLab CVE-2025-6454: SSRF via Webhook Custom Headers

• vLLM SSRF Vulnerability (CVE-2026-34753) vLLM SSRF Vulnerability (CVE-2026-34753)

• curl_cffi SSRF via Unrestricted Redirects (CVE-2026-33752) curl_cffi SSRF via Unrestricted Redirects (CVE-2026-33752)

• Ech0: Unauthenticated SSRF to Cloud Metadata (CVE-2026-35037) Ech0: Unauthenticated SSRF to Cloud Metadata (CVE-2026-35037)

• Craft CMS Cloud Metadata SSRF Bypass via IPv6 (CVE-2026-27129) Craft CMS Cloud Metadata SSRF Bypass via IPv6 (CVE-2026-27129)

• New SSRF Exploitation Surge Echoes 2019 Capital One Breach New SSRF Exploitation Surge Echoes 2019 Capital One Breach

• Dgraph Critical SSRF and Auth Bypass (CVE-2026-34976) Dgraph Critical SSRF and Auth Bypass (CVE-2026-34976)

• Neo Found an SSRF Vulnerability in Faraday (CVE-2026-25765) Neo Found an SSRF Vulnerability in Faraday (CVE-2026-25765)

• SSRF: Advanced Exploitation Guide SSRF: Advanced Exploitation Guide

• CVE-2026-3125: OpenNext Cloudflare SSRF via Path Normalization Bypass CVE-2026-3125: OpenNext Cloudflare SSRF via Path Normalization Bypass

• SSRF in axios (CVE-2025-27152) SSRF in axios (CVE-2025-27152)

• SSRF in Next.js (CVE-2025-57822) SSRF in Next.js (CVE-2025-57822)

• Azure OpenAI CVE-2025-53767 SSRF Privilege Escalation Azure OpenAI CVE-2025-53767 SSRF Privilege Escalation

• SSRF via Server-Side Rendering in Angular (CVE-2026-27739) SSRF via Server-Side Rendering in Angular (CVE-2026-27739)

• Plunk Critical SSRF in SNS Webhook Handler (CVE-2026-32096) Plunk Critical SSRF in SNS Webhook Handler (CVE-2026-32096)

• CVE-2025-12073: Critical SSRF in GitLab Git Repository Import CVE-2025-12073: Critical SSRF in GitLab Git Repository Import

• Microsoft Purview SSRF Privilege Elevation (CVE-2026-26138) Microsoft Purview SSRF Privilege Elevation (CVE-2026-26138)

• April 9 1945: Major Anders Lassen VC MC is killed in action. He served in No. 62 Commando (attached to SOE) and the SBS (attached to SAS). #AndersLassen #SSRF #62Commando #SOE #SBS #SAS #WW2 amazon.com/Anders-Lassen-cpic.x.com/TUVknl7cSZco/TUVknl7cSZ 🅾🅽  🆃🅷🅸🆂  🅳🅰🆈 April 9, 1945: Major Anders Lassen, VC, MC is killed in action. He served in No. 62 Commando (attached to SOE) and the SBS (attached to SAS). #AndersLassen #SSRF #62Commando #SOE #SBS #S...

• Under cover of darkness the SSRF struck. Anders Lassen & Gus March-Phillipps raided the occupied Channel Islands. Come and learn their story. soeexpeditions.com/ssrf-jersey-1 #ssrf #commando #ww2 pic.x.com/qW5DB4vt0y Under cover of darkness, the SSRF struck. Anders Lassen & Gus March-Phillipps raided the occupied Channel Islands. Come and learn their story. soeexpeditions.com/ssrf-jersey-1 #ssrf #commando #ww2 pic...

• The 'Small Scale Raiding Force' (aka No. 62 Commando) was a British Commando unit under the command of the SOEx.com/SOE_Expeditionttps://t.co/X4i8t1Wwv2 #SSRF #62Commando #SOE #WW2 🆂🅼🅰🅻🅻  🆂🅲🅰🅻🅴  🆁🅰🅸🅳🅸🅽🅶  🅵🅾🆁🅲🅴 The 'Small Scale Raiding Force' (aka No. 62 Commando) was a British Commando unit under the command of the SOEx.com/SOE_Expedition…ttps://t.co/X4i8t1Wwv2 #SSRF #62Commando...

• The spirit of the SSRF lives on. In August 2026 we return to the Channel Islands. Fast RIBs rugged cliffs and untold history. Follow in the footsteps of 62 Commando. soeexpeditions.com/ssrf-jersey-1W #ssrf #anderslassen #commando #ww2pic.x.com/mstlaXT6mTT The spirit of the SSRF lives on. In August 2026, we return to the Channel Islands. Fast RIBs, rugged cliffs, and untold history. Follow in the footsteps of 62 Commando. 🏴‍☠️ soeexpeditions.com/ssrf-je...

RCE (+84)

• U-Office Force Critical RCE via Insecure Deserialization (CVE-2026-3422) U-Office Force Critical RCE via Insecure Deserialization (CVE-2026-3422)

• IBM Langflow Desktop RCE via Insecure Deserialization IBM Langflow Desktop RCE via Insecure Deserialization

• CVE-2026-21858: Ni8mare Enables Unauthenticated RCE in n8n Webhooks CVE-2026-21858: Ni8mare Enables Unauthenticated RCE in n8n Webhooks

• Potentially Critical RCE in OpenSSL (CVE-2025-15467) Potentially Critical RCE in OpenSSL (CVE-2025-15467)

• Wazuh RCE via Deserialization of Untrusted Data (CVE-2026-25769) Wazuh RCE via Deserialization of Untrusted Data (CVE-2026-25769)

• CVE-2025-55182: React and Next.js Deserialization RCE Deep Dive CVE-2025-55182: React and Next.js Deserialization RCE Deep Dive

• Active Exploitation of 7-Zip RCE Vulnerability Active Exploitation of 7-Zip RCE Vulnerability

• Update on React Server Components RCE (CVE-2025-55182 / CVE-2025-66478) Update on React Server Components RCE (CVE-2025-55182 / CVE-2025-66478)

• CVE-2025-34291 Exploited in the Wild: LangFlow AI Under Fire CVE-2025-34291 Exploited in the Wild: LangFlow AI Under Fire

• New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape

• CVE-2025-39601: WordPress Custom CSS, JS and PHP Plugin CSRF to RCE CVE-2025-39601: WordPress Custom CSS, JS and PHP Plugin CSRF to RCE

• CVE-2025-7384: Critical WordPress Plugin Unauthenticated RCE CVE-2025-7384: Critical WordPress Plugin Unauthenticated RCE

• Sneeit WordPress RCE Exploited in the Wild Sneeit WordPress RCE Exploited in the Wild

• Critical Pre-Auth RCE in ChurchCRM Setup Wizard Critical Pre-Auth RCE in ChurchCRM Setup Wizard

• Critical Unauthenticated RCE in n8n (CVE-2026-21858, CVSS 10.0) Critical Unauthenticated RCE in n8n (CVE-2026-21858, CVSS 10.0)

• TryHackMe Spring AI: CVE-2026-22738 RCE Writeup TryHackMe Spring AI: CVE-2026-22738 RCE Writeup

• Dangerous runC Flaws Allow Hackers to Escape Docker Containers Dangerous runC Flaws Allow Hackers to Escape Docker Containers

• runC Container Escape Vulnerabilities: A Technical Overview runC Container Escape Vulnerabilities: A Technical Overview

• New runC Vulnerabilities Allow Container Escape in Docker and Kubernetes New runC Vulnerabilities Allow Container Escape in Docker and Kubernetes

• Attackers Exploit Critical Langflow RCE as CISA Sounds Alarm Attackers Exploit Critical Langflow RCE as CISA Sounds Alarm

• CVE-2026-33017: How Attackers Compromised Langflow AI Pipelines in 20 Hours CVE-2026-33017: How Attackers Compromised Langflow AI Pipelines in 20 Hours

• CVE-2025-3248: RCE Vulnerability in Langflow CVE-2025-3248: RCE Vulnerability in Langflow

• React2Shell Explained: From Vulnerability Discovery to Exploitation React2Shell Explained: From Vulnerability Discovery to Exploitation

• Protecting Against the Critical React2Shell RCE Exposure Protecting Against the Critical React2Shell RCE Exposure

• React2Shell: Node.js RCE Against a Production Next.js App React2Shell: Node.js RCE Against a Production Next.js App

• CVE-2025-68613: RCE via Expression Injection in n8n CVE-2025-68613: RCE via Expression Injection in n8n

• Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025 Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

• WWBN AVideo RCE via Persistent PHP File Upload (CVE-2026-33717) WWBN AVideo RCE via Persistent PHP File Upload (CVE-2026-33717)

• Explorance Blue RCE via Unrestricted File Upload Explorance Blue RCE via Unrestricted File Upload

• From Pre-Auth SSRF to RCE in TruFusion Enterprise From Pre-Auth SSRF to RCE in TruFusion Enterprise

• Serverless Security Risks 2026: Mitigating SSRF and RCE Threats Serverless Security Risks 2026: Mitigating SSRF and RCE Threats

• Intigriti Challenge: SSRF to RCE via File Upload Bypass Intigriti Challenge: SSRF to RCE via File Upload Bypass

• Precurio Intranet Portal: CSRF to RCE via File Upload Precurio Intranet Portal: CSRF to RCE via File Upload

• Tiandy Easy7 RCE via OS Command Injection (CVE-2026-4585) Tiandy Easy7 RCE via OS Command Injection (CVE-2026-4585)

• RCE in Airbyte via Server-Side Template Injection (SSTI) RCE in Airbyte via Server-Side Template Injection (SSTI)

• File Upload Vulnerability Testing: Bypassing Filters and Getting RCE File Upload Vulnerability Testing: Bypassing Filters and Getting RCE

• Critical LFI to RCE in WP Ghost Plugin Affecting 200k+ Sites Critical LFI to RCE in WP Ghost Plugin Affecting 200k+ Sites

• AI Workflows Under Fire: Critical RCE Flaws in Langflow AI Workflows Under Fire: Critical RCE Flaws in Langflow

• CVE-2026-22812: RCE on a 71k-Star AI Coding Tool With Zero Auth CVE-2026-22812: RCE on a 71k-Star AI Coding Tool With Zero Auth

• Root in One Request: Marimo's Critical Pre-Auth RCE (CVE-2026-39987) Root in One Request: Marimo's Critical Pre-Auth RCE (CVE-2026-39987)

• Lessons From 2025: Zero-Day Exploitation Shaping 2026 Lessons From 2025: Zero-Day Exploitation Shaping 2026

• Critical Zero-Day RCE in Networking Devices Exposes 70,000+ Hosts Critical Zero-Day RCE in Networking Devices Exposes 70,000+ Hosts

• Cisco Patches Zero-Day RCE Exploited by China-Linked APT Cisco Patches Zero-Day RCE Exploited by China-Linked APT

• Critical Redis RCE Vulnerability: CVE-2025-49844 Critical Redis RCE Vulnerability: CVE-2025-49844

• CVE-2025-59287: WSUS Unauthenticated RCE Vulnerability CVE-2025-59287: WSUS Unauthenticated RCE Vulnerability

• Ivanti EPMM RCE Vulnerability Chain Exploited in the Wild Ivanti EPMM RCE Vulnerability Chain Exploited in the Wild

• 50,000+ WordPress Sites at Risk from Critical Ninja Forms RCE 50,000+ WordPress Sites at Risk from Critical Ninja Forms RCE

• Critical Langflow RCE Flaw Exploited in the Wild Within Hours Critical Langflow RCE Flaw Exploited in the Wild Within Hours

• CVE-2026-20131: Analysis of Cisco FMC RCE CVE-2026-20131: Analysis of Cisco FMC RCE

• n8n Critical Vulnerability (CVE-2026-21858): Unauthenticated RCE n8n Critical Vulnerability (CVE-2026-21858): Unauthenticated RCE

• Critical Telnetd Flaw (CVE-2026-32746) Enables Root RCE Critical Telnetd Flaw (CVE-2026-32746) Enables Root RCE

• Critical vLLM RCE Allows Server Takeover via Malicious Video URL (CVE-2026-22778) Critical vLLM RCE Allows Server Takeover via Malicious Video URL (CVE-2026-22778)

• CVE-2026-27825: Critical Unauthenticated RCE and SSRF in mcp-atlassian CVE-2026-27825: Critical Unauthenticated RCE and SSRF in mcp-atlassian

• Unrestricted File Upload Leads to SSRF and RCE Unrestricted File Upload Leads to SSRF and RCE

• Complete Defense Against Node.js RCE: Real-World Exploit Analysis Complete Defense Against Node.js RCE: Real-World Exploit Analysis

• Command Injection and RCE in MetaSpore (GHSL-2025-035 to 037) Command Injection and RCE in MetaSpore (GHSL-2025-035 to 037)

• Microsoft Bing Images OS Command Injection RCE Microsoft Bing Images OS Command Injection RCE

• AWS RES Root RCE via Crafted Session Name (CVE-2026-5707) AWS RES Root RCE via Crafted Session Name (CVE-2026-5707)

• Command Injection RCE in Kubernetes Log Query on Windows Command Injection RCE in Kubernetes Log Query on Windows

• Prompt Injection to RCE in AI Agents Prompt Injection to RCE in AI Agents

• Group-Office Critical RCE via Insecure Deserialization (CVE-2026-34838) Group-Office Critical RCE via Insecure Deserialization (CVE-2026-34838)

• NVIDIA APEX Deserialization RCE (CVE-2025-33244) NVIDIA APEX Deserialization RCE (CVE-2025-33244)

• React2Shell and RSC Vulnerabilities: Exploitation Threat Brief React2Shell and RSC Vulnerabilities: Exploitation Threat Brief

• CVE-2025-55182: React Server Components RCE via Flight Payload Deserialization CVE-2025-55182: React Server Components RCE via Flight Payload Deserialization

• n8n CVE-2025-68613 RCE Exploitation: A Detailed Guide n8n CVE-2025-68613 RCE Exploitation: A Detailed Guide

• 2025 Zero-Days in Review: Lessons Learned 2025 Zero-Days in Review: Lessons Learned

• Multiple Threat Actors Exploit React2Shell (CVE-2025-55182) Multiple Threat Actors Exploit React2Shell (CVE-2025-55182)

• React2Shell: Critical Unauthenticated RCE in React Server Components React2Shell: Critical Unauthenticated RCE in React Server Components

• Defending Against React2Shell in React Server Components Defending Against React2Shell in React Server Components

• Gogs Zero-Day RCE (CVE-2025-8110) Actively Exploited Gogs Zero-Day RCE (CVE-2025-8110) Actively Exploited

• SharePoint RCE: Exploitation, Detection, and Mitigation SharePoint RCE: Exploitation, Detection, and Mitigation

• Apache ActiveMQ RCE via Jolokia API (CVE-2026-34197) Apache ActiveMQ RCE via Jolokia API (CVE-2026-34197)

• CVE-2026-34841: Bruno IDE RCE via Supply Chain Attack CVE-2026-34841: Bruno IDE RCE via Supply Chain Attack

• Telnet Vulnerability Opens Door to Remote Code Execution as Root Telnet Vulnerability Opens Door to Remote Code Execution as Root

• CVE-2026-23744: Remote Code Execution in MCPJam Inspector PoC CVE-2026-23744: Remote Code Execution in MCPJam Inspector PoC

• Remote Code Execution (RCE) 101 Remote Code Execution (RCE) 101

• How I Got RCE in One of Bugcrowd's Public Programs How I Got RCE in One of Bugcrowd's Public Programs

• From Recon to RCE: Hunting React2Shell (CVE-2025-55182) From Recon to RCE: Hunting React2Shell (CVE-2025-55182)

• RCE via Unclaimed Node Package: $2,500 Bug Bounty Writeup RCE via Unclaimed Node Package: $2,500 Bug Bounty Writeup

• Max Severity Flowise RCE Vulnerability Now Exploited in Attacks Max Severity Flowise RCE Vulnerability Now Exploited in Attacks

• CVE-2026-35056: XenForo RCE Vulnerability for Admin Accounts CVE-2026-35056: XenForo RCE Vulnerability for Admin Accounts

• CVE-2026-1731: Critical Unauthenticated RCE in BeyondTrust Remote Support CVE-2026-1731: Critical Unauthenticated RCE in BeyondTrust Remote Support

• PraisonAI Critical RCE via Malicious YAML Parsing (CVE-2026-39890) PraisonAI Critical RCE via Malicious YAML Parsing (CVE-2026-39890)

• Critical n8n Flaws Allow Remote Code Execution and Credential Exposure Critical n8n Flaws Allow Remote Code Execution and Credential Exposure

Authentication (+50)

• WebAuthn Guide WebAuthn Guide

• OWASP Credential Stuffing Prevention Cheat Sheet OWASP Credential Stuffing Prevention Cheat Sheet

• OAuth/OIDC Real-Life Attack Scenarios OAuth/OIDC Real-Life Attack Scenarios

• OAuth 2.0 Redirect URI Validation Falls Short (ACM) OAuth 2.0 Redirect URI Validation Falls Short (ACM)

• PortSwigger: Hidden OAuth attack vectors PortSwigger: Hidden OAuth attack vectors

• Cloudflare FIDO2 + Zero Trust Cloudflare FIDO2 + Zero Trust

• IOActive: Authentication Downgrade / MFA Bypass IOActive: Authentication Downgrade / MFA Bypass

• Proofpoint: FIDO Authentication Downgrade Proofpoint: FIDO Authentication Downgrade

• How Attackers Bypass Synced Passkeys How Attackers Bypass Synced Passkeys

• Apache StreamPipes CVE-2025-47411 JWT Admin Apache StreamPipes CVE-2025-47411 JWT Admin

• CVE-2026-29000: pac4j-jwt Authentication Bypass CVE-2026-29000: pac4j-jwt Authentication Bypass

• Convoy KVM JWT Auth Bypass (CVE-2026-33746) Convoy KVM JWT Auth Bypass (CVE-2026-33746)

• Okta Auth0 nextjs-auth0 OAuth Parameter Injection Okta Auth0 nextjs-auth0 OAuth Parameter Injection

• CVE-2025-47275: Auth0-PHP SDK Critical CVE-2025-47275: Auth0-PHP SDK Critical

• Next.js CVE-2025-29927 Authorization Bypass Next.js CVE-2025-29927 Authorization Bypass

• Remitly: 0-Click Account Takeover (HackerOne) Remitly: 0-Click Account Takeover (HackerOne)

• Post SMTP Plugin Account Takeover (400K+) Post SMTP Plugin Account Takeover (400K+)

• CVE-2025-34291: Langflow ATO + RCE CVE-2025-34291: Langflow ATO + RCE

• 0-Click Zendesk Account Takeover Vulnerability 0-Click Zendesk Account Takeover Vulnerability

• Grafana CVE-2025-6023: Full Account Takeover Grafana CVE-2025-6023: Full Account Takeover

• Fortinet FortiGate SAML SSO Bypass Active Attack Fortinet FortiGate SAML SSO Bypass Active Attack

• CVE-2025-59718: FortiCloud SSO Authentication Bypass CVE-2025-59718: FortiCloud SSO Authentication Bypass

• CVE-2025-47949: samlify SAML SSO bypass CVE-2025-47949: samlify SAML SSO bypass

• Sign in as anyone: Bypassing SAML SSO authentication with parser differentials Sign in as anyone: Bypassing SAML SSO authentication with parser differentials

• GitHub Enterprise SAML Authentication Bypass (CVE-2024-4985 / CVE-2024-9487) GitHub Enterprise SAML Authentication Bypass (CVE-2024-4985 / CVE-2024-9487)

• Semrush OAuth redirect_uri bypass via IDN homograph — HackerOne #861940 Semrush OAuth redirect_uri bypass via IDN homograph — HackerOne #861940

• Slack OAuth2 redirect_uri bypass — HackerOne #2575 Slack OAuth2 redirect_uri bypass — HackerOne #2575

• Cisco Talos: State-of-the-art phishing — MFA bypass Cisco Talos: State-of-the-art phishing — MFA bypass

• Bugcrowd: How attackers bypass multi-factor authentication (Part 1) Bugcrowd: How attackers bypass multi-factor authentication (Part 1)

• webauthn.me: WebAuthn and Passkeys guide webauthn.me: WebAuthn and Passkeys guide

• FIDO Alliance: Passkeys overview FIDO Alliance: Passkeys overview

• Hackmanit: XML Signature Validation Bypass in SimpleSAMLphp and xmlseclibs Hackmanit: XML Signature Validation Bypass in SimpleSAMLphp and xmlseclibs

• epi052: How to Hunt Bugs in SAML — A Methodology (Part II) epi052: How to Hunt Bugs in SAML — A Methodology (Part II)

• IBM: What is XML Signature Wrapping? IBM: What is XML Signature Wrapping?

• USENIX: On Breaking SAML — Be Whoever You Want to Be USENIX: On Breaking SAML — Be Whoever You Want to Be

• Astrix Security: How attackers exploit OAuth — a deep dive (Part 2) Astrix Security: How attackers exploit OAuth — a deep dive (Part 2)

• The Hacker Recipes: OAuth 2.0 The Hacker Recipes: OAuth 2.0

• Security Innovation: Pentester's Guide to Evaluating OAuth 2.0 Security Innovation: Pentester's Guide to Evaluating OAuth 2.0

• 0xn3va: OAuth 2.0 Vulnerabilities cheat sheet 0xn3va: OAuth 2.0 Vulnerabilities cheat sheet

• Cobalt: OAuth Vulnerabilities Part 2 Cobalt: OAuth Vulnerabilities Part 2

• Vaadata: Understanding OAuth 2.0 and its common vulnerabilities Vaadata: Understanding OAuth 2.0 and its common vulnerabilities

• Doyensec: Common OAuth Vulnerabilities Doyensec: Common OAuth Vulnerabilities

• OWASP WSTG: Testing for Session Fixation OWASP WSTG: Testing for Session Fixation

• OWASP: Session Fixation Protection OWASP: Session Fixation Protection

• OWASP: Session fixation attack OWASP: Session fixation attack

• OWASP Top 10 A07: Identification and Authentication Failures OWASP Top 10 A07: Identification and Authentication Failures

• OWASP Session Management Cheat Sheet OWASP Session Management Cheat Sheet

• OWASP Authentication Cheat Sheet OWASP Authentication Cheat Sheet

• The Fragile Lock: Novel Bypasses for SAML Authentication | PortSwigger Research The Fragile Lock: Novel Bypasses for SAML Authentication | PortSwigger Research

• PortSwigger: OAuth 2.0 authentication vulnerabilities PortSwigger: OAuth 2.0 authentication vulnerabilities

SSTI (+49)

• CVE-2022-46166: Spring Boot Admin RCE CVE-2022-46166: Spring Boot Admin RCE

• CVE-2021-43466: Thymeleaf Spring5 RCE CVE-2021-43466: Thymeleaf Spring5 RCE

• Handlebars.js: Safe Usage to Avoid Injection Flaws Handlebars.js: Safe Usage to Avoid Injection Flaws

• HackerOne #164224: SSTI HackerOne #164224: SSTI

• AST Injection: Prototype Pollution to RCE in Handlebars AST Injection: Prototype Pollution to RCE in Handlebars

• Handlebars template injection and RCE in Shopify app Handlebars template injection and RCE in Shopify app

• A Pentester's Guide to SSTI - Cobalt A Pentester's Guide to SSTI - Cobalt

• SSTI: Advanced Exploitation Guide - Intigriti SSTI: Advanced Exploitation Guide - Intigriti

• Exploiting Jinja SSTI with limited payload size Exploiting Jinja SSTI with limited payload size

• RCE via SSTI in Fides Jinja Email Templates RCE via SSTI in Fides Jinja Email Templates

• CVE-2024-29178: Apache StreamPark FreeMarker SSTI CVE-2024-29178: Apache StreamPark FreeMarker SSTI

• SpringBootAdmin Thymeleaf SSTI to RCE SpringBootAdmin Thymeleaf SSTI to RCE

• Exploiting SSTI in Thymeleaf Exploiting SSTI in Thymeleaf

• Exploiting SSTI in a Modern Spring Boot Application Exploiting SSTI in a Modern Spring Boot Application

• Method Confusion in Go SSTIs Lead to RCE Method Confusion in Go SSTIs Lead to RCE

• Exploiting SSTI in Golang Frameworks Exploiting SSTI in Golang Frameworks

• Golang SSTI: Safe by Default or Vulnerable by Design Golang SSTI: Safe by Default or Vulnerable by Design

• SSTI: Transforming Web Apps from Assets to Liabilities SSTI: Transforming Web Apps from Assets to Liabilities

• ServiceNow RCE Exploitation Campaign ServiceNow RCE Exploitation Campaign

• Multiple ServiceNow SSTI Vulnerabilities Multiple ServiceNow SSTI Vulnerabilities

• ServiceNow RCE (CVE-2024-4879) Analysis ServiceNow RCE (CVE-2024-4879) Analysis

• SSTI in Jinja2 allows RCE (changedetection.io) SSTI in Jinja2 allows RCE (changedetection.io)

• CVE-2024-32651: SSTI in changedetection.io CVE-2024-32651: SSTI in changedetection.io

• CVE-2025-23211: Jinja2 SSTI Turns Recipes Into RCE CVE-2025-23211: Jinja2 SSTI Turns Recipes Into RCE

• CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to RCE CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to RCE

• GoSecure: Template Injection in Action workshop GoSecure: Template Injection in Action workshop

• Jinja2 SSTI filter bypasses Jinja2 SSTI filter bypasses

• OnSecurity: Server Side Template Injection with Jinja2 OnSecurity: Server Side Template Injection with Jinja2

• Flask & Jinja2 SSTI cheatsheet Flask & Jinja2 SSTI cheatsheet

• Grav: SSTI via Twig escape handler advisory Grav: SSTI via Twig escape handler advisory

• Exploit-DB: Twig 2.4.4 Server Side Template Injection Exploit-DB: Twig 2.4.4 Server Side Template Injection

• OpenMetadata: FreeMarker SSTI in email templates leads to RCE OpenMetadata: FreeMarker SSTI in email templates leads to RCE

• CVE-2023-49964: FreeMarker SSTI in Alfresco CVE-2023-49964: FreeMarker SSTI in Alfresco

• GitHub Security Lab: SSTI in Apache Camel — CVE-2020-11994 GitHub Security Lab: SSTI in Apache Camel — CVE-2020-11994

• Breaking the Barrier: RCE via SSTI in FreeMarker Breaking the Barrier: RCE via SSTI in FreeMarker

• Synack: Discovering an SSTI vulnerability in FreeMarker Synack: Discovering an SSTI vulnerability in FreeMarker

• YesWeHack: Limitations are just an illusion — advanced SSTI exploitation with RCE everywhere YesWeHack: Limitations are just an illusion — advanced SSTI exploitation with RCE everywhere

• vladko312/SSTImap: Automatic SSTI detection tool with interactive interface vladko312/SSTImap: Automatic SSTI detection tool with interactive interface

• epinna/tplmap: SSTI and Code Injection Detection and Exploitation Tool epinna/tplmap: SSTI and Code Injection Detection and Exploitation Tool

• PayloadsAllTheThings SSTI: Java PayloadsAllTheThings SSTI: Java

• PayloadsAllTheThings: Server Side Template Injection PayloadsAllTheThings: Server Side Template Injection

• HackTricks: Jinja2 SSTI HackTricks: Jinja2 SSTI

• HackTricks: SSTI (Server Side Template Injection) HackTricks: SSTI (Server Side Template Injection)

• OWASP Testing for Server Side Template Injection OWASP Testing for Server Side Template Injection

• Server-side template injection PortSwigger KB Server-side template injection PortSwigger KB

• Exploiting server-side template injection vulnerabilities Exploiting server-side template injection vulnerabilities

• Template Injection Research | PortSwigger Research Template Injection Research | PortSwigger Research

• Server-Side Template Injection | PortSwigger Research Server-Side Template Injection | PortSwigger Research

• Server-side template injection | Web Security Academy Server-side template injection | Web Security Academy

JWT (+48)

• CVE-2024-33663: Python-jose Algorithm Confusion CVE-2024-33663: Python-jose Algorithm Confusion

• Severe Security Flaw Found in jsonwebtoken Library Severe Security Flaw Found in jsonwebtoken Library

• The Ultimate Guide to JWT Vulnerabilities and Attacks The Ultimate Guide to JWT Vulnerabilities and Attacks

• HackerOne: Trint insecure client-side JWT generation HackerOne: Trint insecure client-side JWT generation

• HackerOne: Linktree account takeover via improper JWT validation HackerOne: Linktree account takeover via improper JWT validation

• HackerOne: Critical vulnerability in JWE Specification HackerOne: Critical vulnerability in JWE Specification

• HackerOne: Argo CD JWT audience claim not verified HackerOne: Argo CD JWT audience claim not verified

• JWT Signature Bypass via unvalidated jku parameter JWT Signature Bypass via unvalidated jku parameter

• JWT Signature Bypass via kid Path Traversal JWT Signature Bypass via kid Path Traversal

• JWT Signature Bypass via kid SQL injection JWT Signature Bypass via kid SQL injection

• JWT Attack Walk-Through - NCC Group JWT Attack Walk-Through - NCC Group

• A Practical Guide to Attacking JWT A Practical Guide to Attacking JWT

• Hacker Tools: JWT_Tool Hacker Tools: JWT_Tool

• November CTF Challenge: Exploiting JWT vulnerabilities to achieve RCE November CTF Challenge: Exploiting JWT vulnerabilities to achieve RCE

• RFC 8725 - JSON Web Token Best Current Practices RFC 8725 - JSON Web Token Best Current Practices

• Cracking JWT Keys - Authentication Lab Cracking JWT Keys - Authentication Lab

• Hacking JWT Tokens: Bruteforcing Weak Signing Key with Hashcat Hacking JWT Tokens: Bruteforcing Weak Signing Key with Hashcat

• Brute Forcing HS256 is Possible Brute Forcing HS256 is Possible

• Golang JWT access restriction bypass vulnerability Golang JWT access restriction bypass vulnerability

• Top 3 security best practices for handling JWTs Top 3 security best practices for handling JWTs

• Detecting JWT Security Issues Detecting JWT Security Issues

• Attacking JWT authentication Attacking JWT authentication

• Lab: JWT authentication bypass via weak signing key Lab: JWT authentication bypass via weak signing key

• Lab: JWT authentication bypass via jku header injection Lab: JWT authentication bypass via jku header injection

• PortSwigger KB: JWT none algorithm supported PortSwigger KB: JWT none algorithm supported

• Vaadata: JWT vulnerabilities, common attacks and security best practices Vaadata: JWT vulnerabilities, common attacks and security best practices

• WorkOS: JWT algorithm confusion attacks explained WorkOS: JWT algorithm confusion attacks explained

• PentesterLab: Another JWT Algorithm Confusion Vulnerability (CVE-2024-54150) PentesterLab: Another JWT Algorithm Confusion Vulnerability (CVE-2024-54150)

• Curity: JWT Security Best Practices Curity: JWT Security Best Practices

• RFC 8725: JSON Web Token Best Current Practices RFC 8725: JSON Web Token Best Current Practices

• Auth0: Critical vulnerabilities in JSON Web Token libraries Auth0: Critical vulnerabilities in JSON Web Token libraries

• OWASP WSTG: Testing JSON Web Tokens OWASP WSTG: Testing JSON Web Tokens

• OWASP JSON Web Token for Java Cheat Sheet OWASP JSON Web Token for Java Cheat Sheet

• KathanP19/HowToHunt: JWT KathanP19/HowToHunt: JWT

• tuhin1729 Bug Bounty Methodology: JWT tuhin1729 Bug Bounty Methodology: JWT

• HackTricks: JWT vulnerabilities HackTricks: JWT vulnerabilities

• PayloadsAllTheThings: JSON Web Token PayloadsAllTheThings: JSON Web Token

• DontPanicO/jwtXploiter: A tool to test the security of JSON Web Tokens DontPanicO/jwtXploiter: A tool to test the security of JSON Web Tokens

• brendan-rius/c-jwt-cracker: JWT brute-force cracker in C brendan-rius/c-jwt-cracker: JWT brute-force cracker in C

• mazen160/jwt-pwn: Security testing scripts for JWT mazen160/jwt-pwn: Security testing scripts for JWT

• jwt_tool Attack Methodology wiki jwt_tool Attack Methodology wiki

• ticarpi/jwt_tool: A toolkit for testing, tweaking and cracking JSON Web Tokens ticarpi/jwt_tool: A toolkit for testing, tweaking and cracking JSON Web Tokens

• Working with JWTs in Burp Suite Working with JWTs in Burp Suite

• JSON Web Token Attacker Burp extension JSON Web Token Attacker Burp extension

• JWT Scanner Burp extension JWT Scanner Burp extension

• PortSwigger jwt-editor: Burp Suite extension for editing and signing JWTs PortSwigger jwt-editor: Burp Suite extension for editing and signing JWTs

• Algorithm confusion attacks | Web Security Academy Algorithm confusion attacks | Web Security Academy

• JWT attacks | Web Security Academy JWT attacks | Web Security Academy

XSS (+48)

• Beyond XSS: Mutation XSS Explained Beyond XSS: Mutation XSS Explained

• CVE-2025-26791: DOMPurify Regular Expression Bug for mXSS CVE-2025-26791: DOMPurify Regular Expression Bug for mXSS

• Bypassing DOMPurify Again with Mutation XSS Bypassing DOMPurify Again with Mutation XSS

• Penetration Testing of Electron-based Applications Penetration Testing of Electron-based Applications

• SiYuan Electron RCE via Malicious Note Sync (CVE-2026-39846) SiYuan Electron RCE via Malicious Note Sync (CVE-2026-39846)

• DbGate Stored XSS to RCE in Electron (CVE-2026-34725) DbGate Stored XSS to RCE in Electron (CVE-2026-34725)

• Intigriti Challenge 0226: Stored XSS & CSP Bypass Intigriti Challenge 0226: Stored XSS & CSP Bypass

• Content Security Policy Bypass Techniques and Security Tips Content Security Policy Bypass Techniques and Security Tips

• Advanced XSS: Bypassing Filters, CSP, and DOM-based XSS Advanced XSS: Bypassing Filters, CSP, and DOM-based XSS

• CSP Bypasses: Advanced Exploitation Guide CSP Bypasses: Advanced Exploitation Guide

• Arista Firewall XSS to RCE Chain Arista Firewall XSS to RCE Chain

• From Stored XSS to Account Takeover From Stored XSS to Account Takeover

• Magento 2.3.1: Unauthenticated Stored XSS to RCE Magento 2.3.1: Unauthenticated Stored XSS to RCE

• CVE-2025-52367: Stored XSS to RCE in PivotX CMS CVE-2025-52367: Stored XSS to RCE in PivotX CMS

• BXSS Hunter: Blind XSS Scanner Tool BXSS Hunter: Blind XSS Scanner Tool

• How to Find XSS Vulnerabilities: Practical Security Guide How to Find XSS Vulnerabilities: Practical Security Guide

• Mastering Blind XSS: Real-World Techniques for High Bounties Mastering Blind XSS: Real-World Techniques for High Bounties

• Hunting for Blind XSS Vulnerabilities: A Complete Guide Hunting for Blind XSS Vulnerabilities: A Complete Guide

• The Guide to Blind XSS: Advanced Techniques for Bug Bounty Hunters The Guide to Blind XSS: Advanced Techniques for Bug Bounty Hunters

• Frontend Security in 2025: Protecting Client-Side Code in React, Vue & More Frontend Security in 2025: Protecting Client-Side Code in React, Vue & More

• Modern Frontend Security: Beyond XSS and CSRF in 2025 Modern Frontend Security: Beyond XSS and CSRF in 2025

• Cross-site Scripting (XSS) in vue-i18n (CVE-2025-53892) Cross-site Scripting (XSS) in vue-i18n (CVE-2025-53892)

• XSS in 2025: Why It Still Matters and How to Defend Against It XSS in 2025: Why It Still Matters and How to Defend Against It

• Why React Didn't Kill XSS: The New JavaScript Injection Playbook Why React Didn't Kill XSS: The New JavaScript Injection Playbook

• Security Issues in Popular Full-Stack Frameworks Security Issues in Popular Full-Stack Frameworks

• Beyond alert(1): Real XSS Dangers in React & Vue SPAs Beyond alert(1): Real XSS Dangers in React & Vue SPAs

• XSS Payload Crafting and WAF Bypass: A Beginner-Friendly Guide XSS Payload Crafting and WAF Bypass: A Beginner-Friendly Guide

• Bypassing WAFs for Fun and JS Injection with Parameter Pollution Bypassing WAFs for Fun and JS Injection with Parameter Pollution

• XSS Payload WAF Bypass: Advanced Techniques to Evade Microsoft's 2025 Security XSS Payload WAF Bypass: Advanced Techniques to Evade Microsoft's 2025 Security

• XSS Filter Evasion: How Attackers Bypass XSS Filters XSS Filter Evasion: How Attackers Bypass XSS Filters

• WAF XSS Bypass: Obfuscation and Encoding Techniques WAF XSS Bypass: Obfuscation and Encoding Techniques

• WAF Bypass XSS Payloads Collection WAF Bypass XSS Payloads Collection

• CVE-2026-0594: Reflected XSS in WordPress CVE-2026-0594: Reflected XSS in WordPress

• TrustyMon: Practical Detection of DOM-based XSS Using Trusted Types TrustyMon: Practical Detection of DOM-based XSS Using Trusted Types

• CI4MS Critical Stored XSS (CVE-2026-34569) CI4MS Critical Stored XSS (CVE-2026-34569)

• CI4MS Stored DOM XSS via Menu Management (CVE-2026-34565) CI4MS Stored DOM XSS via Menu Management (CVE-2026-34565)

• Homarr DOM-based XSS (CVE-2026-33510) Homarr DOM-based XSS (CVE-2026-33510)

• CVE-2025-67906: MISP Stored XSS via Workflow Engine CVE-2025-67906: MISP Stored XSS via Workflow Engine

• How I Hacked a Web App Using Stored XSS to Steal Sessions How I Hacked a Web App Using Stored XSS to Steal Sessions

• 10 Practical Scenarios for XSS Attacks 10 Practical Scenarios for XSS Attacks

• Reflected XSS: Advanced Exploitation Guide Reflected XSS: Advanced Exploitation Guide

• Weaponizing Cross Site Scripting: When One Bug Isn't Enough Weaponizing Cross Site Scripting: When One Bug Isn't Enough

• XSS Exploitation in 2025: Advanced Techniques, AI Integration, and Evasion Strategies XSS Exploitation in 2025: Advanced Techniques, AI Integration, and Evasion Strategies

• XSS Attacks: From Basics to Advanced Post-Exploitation (2025 Edition) XSS Attacks: From Basics to Advanced Post-Exploitation (2025 Edition)

• Discovering and Exploiting XSS Vulnerabilities — My First Bug Hunting Reward Discovering and Exploiting XSS Vulnerabilities — My First Bug Hunting Reward

• How I Found a Critical XSS On a Public Bug Bounty Program How I Found a Critical XSS On a Public Bug Bounty Program

• BugBounty Hunting for XSS in 2025 BugBounty Hunting for XSS in 2025

• Apple Developer Stored XSS — $5,000 Bounty Writeup Apple Developer Stored XSS — $5,000 Bounty Writeup

Mobile (+45)

• Exploiting Content Providers in Android Applications Exploiting Content Providers in Android Applications

• SQL injection vulnerabilities in Owncloud Android app SQL injection vulnerabilities in Owncloud Android app

• Android, SQL and ContentProviders - Why SQL injections aren't dead yet Android, SQL and ContentProviders - Why SQL injections aren't dead yet

• iOS Universal Links - HackTricks iOS Universal Links - HackTricks

• MASTG-TEST-0070: Testing Universal Links MASTG-TEST-0070: Testing Universal Links

• Mobile OAuth Attacks - iOS URL Scheme Hijacking Revamped Mobile OAuth Attacks - iOS URL Scheme Hijacking Revamped

• Exploiting Android WebView Vulnerabilities Exploiting Android WebView Vulnerabilities

• Android security checklist: WebView - Oversecured Blog Android security checklist: WebView - Oversecured Blog

• WebView addJavascriptInterface Remote Code Execution - WithSecure Labs WebView addJavascriptInterface Remote Code Execution - WithSecure Labs

• Exploiting Insecure Android WebView with JavaScript Interface Exploiting Insecure Android WebView with JavaScript Interface

• Mobile Security Framework - MobSF Documentation Mobile Security Framework - MobSF Documentation

• MobSF: Mobile Security Framework (GitHub) MobSF: Mobile Security Framework (GitHub)

• Deep Linking Vulnerabilities - Application Security Cheat Sheet Deep Linking Vulnerabilities - Application Security Cheat Sheet

• Android Intent Redirection: A Hacker's Gateway to Internal Components Android Intent Redirection: A Hacker's Gateway to Internal Components

• From Browser to Breach: One-Click Android Deep Link Exploitation From Browser to Breach: One-Click Android Deep Link Exploitation

• Unsafe use of deep links - Android Developers Security Unsafe use of deep links - Android Developers Security

• Android Pentest: Deep Link Exploitation Android Pentest: Deep Link Exploitation

• A Comprehensive Guide to iOS Jailbreak Detection Bypass A Comprehensive Guide to iOS Jailbreak Detection Bypass

• Bypassing iOS Security Suite: Jailbreak Detection Explained and Tested Bypassing iOS Security Suite: Jailbreak Detection Explained and Tested

• Frida CodeShare: iOS Jailbreak Detection Bypass Frida CodeShare: iOS Jailbreak Detection Bypass

• iOS Jailbreak Detection Bypass with Frida - Full Guide iOS Jailbreak Detection Bypass with Frida - Full Guide

• Android 15 Vulnerabilities: A Comprehensive Security Research Analysis Android 15 Vulnerabilities: A Comprehensive Security Research Analysis

• December 2025 Android Security Bulletin: Two Zero-Day Flaws Exploited December 2025 Android Security Bulletin: Two Zero-Day Flaws Exploited

• Android Security Bulletin - December 2025 Android Security Bulletin - December 2025

• Intent redirection vulnerability in third-party SDK exposed millions of Android wallets Intent redirection vulnerability in third-party SDK exposed millions of Android wallets

• Mobile App Security Testing Guide 2026 Mobile App Security Testing Guide 2026

• Frida - OWASP Mobile Application Security Tool Frida - OWASP Mobile Application Security Tool

• OWASP MASTG Testing Guide OWASP MASTG Testing Guide

• OWASP MASVS & MASTG: Mobile Security Guide (2026) OWASP MASVS & MASTG: Mobile Security Guide (2026)

• Mobile App Tampering and Reverse Engineering - OWASP MASTG Mobile App Tampering and Reverse Engineering - OWASP MASTG

• A Comprehensive Guide to iOS Penetration Testing A Comprehensive Guide to iOS Penetration Testing

• iOS Penetration Testing: Definition, Process and Tools iOS Penetration Testing: Definition, Process and Tools

• iOS App Reverse Engineering: Tools & Tactics iOS App Reverse Engineering: Tools & Tactics

• iOS Pentesting Checklist: Complete Guide for 2026 iOS Pentesting Checklist: Complete Guide for 2026

• Understanding Mobile App Reverse Engineering: How Attackers Break Apps Understanding Mobile App Reverse Engineering: How Attackers Break Apps

• 2025 Phone Security Guide: Android vs iOS 2025 Phone Security Guide: Android vs iOS

• Android vs iOS Security Comparison Android vs iOS Security Comparison

• iOS vs Android Security: Which Is More Secure? iOS vs Android Security: Which Is More Secure?

• iOS Devices Face Twice the Phishing Attacks of Android iOS Devices Face Twice the Phishing Attacks of Android

• iOS vs Android Security Comparison 2025 iOS vs Android Security Comparison 2025

• Common Mobile Application Security Vulnerabilities 2025 Common Mobile Application Security Vulnerabilities 2025

• 2025 Global Mobile Threat Report 2025 Global Mobile Threat Report

• Mobile Security Testing Challenges: 2025-2026 Outlook Mobile Security Testing Challenges: 2025-2026 Outlook

• App Threat Report 2025 Q1: Android and iOS App Threat Report 2025 Q1: Android and iOS

• Mobile App Security Testing in 2026: Statistics and OWASP Threats Mobile App Security Testing in 2026: Statistics and OWASP Threats

Secrets (+43)

• Terraform Secrets Management Best Practices Terraform Secrets Management Best Practices

• AWS IAM Roles Anywhere Workload Identities AWS IAM Roles Anywhere Workload Identities

• External Secrets Operator: Introduction External Secrets Operator: Introduction

• Google Cloud SIEM Service Account Token Leak Google Cloud SIEM Service Account Token Leak

• Secret Rotation: How It Works Secret Rotation: How It Works

• Secret Auto Rotation with Secrets Store CSI Driver Secret Auto Rotation with Secrets Store CSI Driver

• Secretless GitHub Actions to AWS via OIDC Secretless GitHub Actions to AWS via OIDC

• OIDC Security Hardening for GitHub Actions OIDC Security Hardening for GitHub Actions

• Hardening HashiCorp Vault Best Practices Hardening HashiCorp Vault Best Practices

• HashiCorp Vault Production Hardening Guide HashiCorp Vault Production Hardening Guide

• Leaked Env Variables Allow Large-Scale Cloud Extortion Leaked Env Variables Allow Large-Scale Cloud Extortion

• CVE-2025-68429: Storybook .env Secrets Exposure CVE-2025-68429: Storybook .env Secrets Exposure

• 10K Docker Images Spray Live Cloud Creds 10K Docker Images Spray Live Cloud Creds

• 10,000+ Docker Hub Images Leaking Credentials 10,000+ Docker Hub Images Leaking Credentials

• Thousands of Secrets Exposed on Docker Hub Thousands of Secrets Exposed on Docker Hub

• What Happens When You Leak AWS API Keys? What Happens When You Leak AWS API Keys?

• CloudKeys in the Air: Exposed IAM Keys Cryptojacking CloudKeys in the Air: Exposed IAM Keys Cryptojacking

• AWS Customer Security Incidents Repository AWS Customer Security Incidents Repository

• 2,622 Valid Certificates Exposed: Google-GitGuardian Study 2,622 Valid Certificates Exposed: Google-GitGuardian Study

• 8000+ ChatGPT API Keys Exposed on GitHub 8000+ ChatGPT API Keys Exposed on GitHub

• Secret Scanning in CI Pipelines using Gitleaks Secret Scanning in CI Pipelines using Gitleaks

• Add a Local Gitleaks Pre-Commit Hook Add a Local Gitleaks Pre-Commit Hook

• GitHub Comments Leak Live API Keys GitHub Comments Leak Live API Keys

• Secret Scanning Encoded and Archived Data Secret Scanning Encoded and Archived Data

• How TruffleHog Verifies Secrets How TruffleHog Verifies Secrets

• Secret Scanner Comparison: Finding Your Best Tool Secret Scanner Comparison: Finding Your Best Tool

• 6 Effective Secret Scanning Tools 6 Effective Secret Scanning Tools

• Top 8 Git Secrets Scanners in 2026 Top 8 Git Secrets Scanners in 2026

• 8 Best Secret Scanning Tools (2026) 8 Best Secret Scanning Tools (2026)

• Best Secret Scanning Tools in 2025 Best Secret Scanning Tools in 2025

• GitHub Leaked API Keys and Secrets Reference GitHub Leaked API Keys and Secrets Reference

• 23.8 Million Secrets Leaked on GitHub: The Case for Expiring Credentials 23.8 Million Secrets Leaked on GitHub: The Case for Expiring Credentials

• 29 Million Secrets Leaked on GitHub: AI Coding Tools Made It Worse 29 Million Secrets Leaked on GitHub: AI Coding Tools Made It Worse

• GitHub is Awash with Leaked AI Company Secrets GitHub is Awash with Leaked AI Company Secrets

• The State of Secrets Sprawl 2026: AI-Service Leaks Surge 81% The State of Secrets Sprawl 2026: AI-Service Leaks Surge 81%

• State of Secrets Sprawl Report 2025 State of Secrets Sprawl Report 2025

• AI Frenzy Feeds Credential Chaos AI Frenzy Feeds Credential Chaos

• GitHub Secret Leaks: 13 Million API Credentials in Public Repos GitHub Secret Leaks: 13 Million API Credentials in Public Repos

• Best Secret Scanning Tools For 2026 Best Secret Scanning Tools For 2026

• 29 Million Secrets Leaked: AI Coding Tools Making It Worse 29 Million Secrets Leaked: AI Coding Tools Making It Worse

• The State of Secrets Sprawl 2026: 9 Takeaways for CISOs The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

• The State of Secrets Sprawl 2025 The State of Secrets Sprawl 2025

• The Complete 2026 Secrets Management Guide The Complete 2026 Secrets Management Guide

AI (+43)

• LLM Red Teaming Guide (Open Source) - Promptfoo LLM Red Teaming Guide (Open Source) - Promptfoo

• Defining LLM Red Teaming - NVIDIA Technical Blog Defining LLM Red Teaming - NVIDIA Technical Blog

• Large Reasoning Models are Autonomous Jailbreak Agents Large Reasoning Models are Autonomous Jailbreak Agents

• Involuntary Jailbreak: On Self-Prompting Attacks Involuntary Jailbreak: On Self-Prompting Attacks

• Single Line of Code Can Jailbreak 11 AI Models Including ChatGPT, Claude, Gemini Single Line of Code Can Jailbreak 11 AI Models Including ChatGPT, Claude, Gemini

• OWASP Top 10 for LLMs 2025: Key Risks and Mitigation Strategies OWASP Top 10 for LLMs 2025: Key Risks and Mitigation Strategies

• OWASP Top 10 for LLM Applications 2025 OWASP Top 10 for LLM Applications 2025

• Practical Poisoning Attacks against Retrieval-Augmented Generation Practical Poisoning Attacks against Retrieval-Augmented Generation

• RAG Safety: Exploring Knowledge Poisoning Attacks to RAG RAG Safety: Exploring Knowledge Poisoning Attacks to RAG

• Benchmarking Poisoning Attacks against Retrieval-Augmented Generation Benchmarking Poisoning Attacks against Retrieval-Augmented Generation

• Q4 2025 AI Agent Security Trends Q4 2025 AI Agent Security Trends

• OWASP GenAI Top 10 Risks and Mitigations for Agentic AI Security OWASP GenAI Top 10 Risks and Mitigations for Agentic AI Security

• AI Agent Attacks in Q4 2025 Signal New Risks for 2026 AI Agent Attacks in Q4 2025 Signal New Risks for 2026

• Protecting Against Indirect Prompt Injection Attacks in MCP Protecting Against Indirect Prompt Injection Attacks in MCP

• Indirect Prompt Injection Attacks: Hidden AI Risks Indirect Prompt Injection Attacks: Hidden AI Risks

• Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild

• Anatomy of an Indirect Prompt Injection Anatomy of an Indirect Prompt Injection

• Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Critical RCE Vulnerability in mcp-remote: CVE-2025-6514

• New Prompt Injection Attack Vectors Through MCP Sampling New Prompt Injection Attack Vectors Through MCP Sampling

• A Timeline of Model Context Protocol (MCP) Security Breaches A Timeline of Model Context Protocol (MCP) Security Breaches

• The Vulnerable MCP Project: Comprehensive MCP Security Database The Vulnerable MCP Project: Comprehensive MCP Security Database

• MCP Security: Critical Vulnerabilities Every CISO Must Address in 2025 MCP Security: Critical Vulnerabilities Every CISO Must Address in 2025

• OWASP LLM Prompt Injection Prevention Cheat Sheet OWASP LLM Prompt Injection Prevention Cheat Sheet

• Attention Tracker: Detecting Prompt Injection Attacks in LLMs Attention Tracker: Detecting Prompt Injection Attacks in LLMs

• How Microsoft Defends Against Indirect Prompt Injection Attacks How Microsoft Defends Against Indirect Prompt Injection Attacks

• MCP Security Vulnerabilities: Prompt Injection and Tool Poisoning MCP Security Vulnerabilities: Prompt Injection and Tool Poisoning

• How Agentic Tool Chain Attacks Threaten AI Agent Security How Agentic Tool Chain Attacks Threaten AI Agent Security

• 8,000+ MCP Servers Exposed: The Agentic AI Security Crisis of 2026 8,000+ MCP Servers Exposed: The Agentic AI Security Crisis of 2026

• Agentic AI Security in Production: MCP, Memory Poisoning, Tool Misuse Agentic AI Security in Production: MCP, Memory Poisoning, Tool Misuse

• Offensive Security for MCP Servers: How to Prevent AI Agent Exploits Offensive Security for MCP Servers: How to Prevent AI Agent Exploits

• The New AI Attack Surface: 3 AI Security Predictions for 2026 The New AI Attack Surface: 3 AI Security Predictions for 2026

• Introduction to Data Poisoning: A 2026 Perspective Introduction to Data Poisoning: A 2026 Perspective

• AI Security Research — December 2025 AI Security Research — December 2025

• From Prompt Injections to Protocol Exploits in LLM Agent Workflows From Prompt Injections to Protocol Exploits in LLM Agent Workflows

• LLM Security Guide: OWASP GenAI Top-10 Risks LLM Security Guide: OWASP GenAI Top-10 Risks

• Prompt Injection Attacks in LLMs: A Comprehensive Review Prompt Injection Attacks in LLMs: A Comprehensive Review

• Prompt Injection Attacks: Examples, Techniques, and Defence Prompt Injection Attacks: Examples, Techniques, and Defence

• Indirect Prompt Injection: The Hidden Threat Indirect Prompt Injection: The Hidden Threat

• AI Agent Security in 2026: Prompt Injection and Memory Poisoning AI Agent Security in 2026: Prompt Injection and Memory Poisoning

• Prompt Injection Attacks in 2025: Vulnerabilities and Defense Prompt Injection Attacks in 2025: Vulnerabilities and Defense

• Prompt Injection: The Most Common AI Exploit in 2025 Prompt Injection: The Most Common AI Exploit in 2025

• AI Prompt Injection Attacks: How They Work (2026) AI Prompt Injection Attacks: How They Work (2026)

• LLM Security Risks in 2026: Prompt Injection, RAG, and Shadow AI LLM Security Risks in 2026: Prompt Injection, RAG, and Shadow AI

Deserialization (+43)

• Insecure Deserialization: Risks, Examples, and Best Practices Insecure Deserialization: Risks, Examples, and Best Practices

• Deserialization Gadget Chain Definition Deserialization Gadget Chain Definition

• CVE-2026-20963: SharePoint Deserialization RCE Analysis CVE-2026-20963: SharePoint Deserialization RCE Analysis

• SharePoint Zero-Day CVE-2025-53770 Actively Exploited SharePoint Zero-Day CVE-2025-53770 Actively Exploited

• SolarWinds Web Help Desk Deserialization Vulnerability SolarWinds Web Help Desk Deserialization Vulnerability

• SnakeYAML Deserialization Deep Dive (CVE-2022-1471) SnakeYAML Deserialization Deep Dive (CVE-2022-1471)

• Docling RCE via PyYAML (CVE-2026-24009) Docling RCE via PyYAML (CVE-2026-24009)

• PyTorch Users at Risk: 3 Zero-Day PickleScan Vulnerabilities PyTorch Users at Risk: 3 Zero-Day PickleScan Vulnerabilities

• PickleBall: Secure Deserialization of Pickle-based ML Models PickleBall: Secure Deserialization of Pickle-based ML Models

• CVE-2026-33728: dd-trace-java Unsafe Deserialization in RMI CVE-2026-33728: dd-trace-java Unsafe Deserialization in RMI

• CVE-2026-33439: OpenAM Pre-Auth RCE via Deserialization CVE-2026-33439: OpenAM Pre-Auth RCE via Deserialization

• PayloadsAllTheThings - Ruby Deserialization Payloads PayloadsAllTheThings - Ruby Deserialization Payloads

• Ruby Vulnerabilities: Exploiting Open, Send, and Deserialization Ruby Vulnerabilities: Exploiting Open, Send, and Deserialization

• Java Deserialization Gadget Chains Explained Java Deserialization Gadget Chains Explained

• Deserialization Gadget Chains in Android: An In-Depth Study Deserialization Gadget Chains in Android: An In-Depth Study

• What Actually Is a Deserialization Gadget Chain? What Actually Is a Deserialization Gadget Chain?

• ysoserial: Java Deserialization Payload Generator ysoserial: Java Deserialization Payload Generator

• ysoserial.net: Deserialization Payload Generator for .NET ysoserial.net: Deserialization Payload Generator for .NET

• The Anatomy of Deserialization Attacks The Anatomy of Deserialization Attacks

• Marshal Madness: A Brief History of Ruby Deserialization Exploits Marshal Madness: A Brief History of Ruby Deserialization Exploits

• Deserialization Attacks: How Exploiting Data Formats Can Break Security Deserialization Attacks: How Exploiting Data Formats Can Break Security

• DELMIA Apriso Insecure Deserialization Exploited in the Wild (CVE-2025-5086) DELMIA Apriso Insecure Deserialization Exploited in the Wild (CVE-2025-5086)

• PayloadsAllTheThings - PHP Deserialization Payloads PayloadsAllTheThings - PHP Deserialization Payloads

• Exploiting PHP Deserialization with POP Chains Exploiting PHP Deserialization with POP Chains

• What is PHP Object Injection? An In-Depth Guide What is PHP Object Injection? An In-Depth Guide

• PHP Object Injection Research PHP Object Injection Research

• .NET Deserialization Cheat Sheet .NET Deserialization Cheat Sheet

• BinaryFormatter Deserialization Security Guide for .NET BinaryFormatter Deserialization Security Guide for .NET

• Microsoft SharePoint Deserialization RCE (CVE-2026-26114) Microsoft SharePoint Deserialization RCE (CVE-2026-26114)

• .NET JSON.NET Deserialization RCE .NET JSON.NET Deserialization RCE

• Deserialization Bugs in the Wild Deserialization Bugs in the Wild

• Insecure Deserialization in Python: A Complete Guide Insecure Deserialization in Python: A Complete Guide

• Security in Python Deserialization: Safe Pickle Alternatives 2025 Security in Python Deserialization: Safe Pickle Alternatives 2025

• Exposing 4 Critical Vulnerabilities in Python Picklescan Exposing 4 Critical Vulnerabilities in Python Picklescan

• Breaking Pickle: RCE Through Python Deserialization Breaking Pickle: RCE Through Python Deserialization

• Pickle Deserialization in ML Pipelines: The RCE That Won't Go Away Pickle Deserialization in ML Pipelines: The RCE That Won't Go Away

• Insecure Deserialization Tutorial and Examples Insecure Deserialization Tutorial and Examples

• An In-depth Study of Java Deserialization RCE Exploits An In-depth Study of Java Deserialization RCE Exploits

• OWASP Deserialization Cheat Sheet OWASP Deserialization Cheat Sheet

• Deserialization Vulnerabilities in Java Deserialization Vulnerabilities in Java

• Java Deserialization Cheat Sheet Java Deserialization Cheat Sheet

• Insecure Deserialization in Web Applications Insecure Deserialization in Web Applications

• CVE-2026-25769: Wazuh Critical RCE via Unsafe Deserialization CVE-2026-25769: Wazuh Critical RCE via Unsafe Deserialization

API Security (+42)

• Exploiting API4: 8 Real-World Unrestricted Resource Consumption Attack Scenarios Exploiting API4: 8 Real-World Unrestricted Resource Consumption Attack Scenarios

• Exploiting Server-Side Request Forgery in an API Exploiting Server-Side Request Forgery in an API

• API Versioning Vulnerabilities: Deprecated Endpoints Still Accepting Requests API Versioning Vulnerabilities: Deprecated Endpoints Still Accepting Requests

• Exploiting JWT Vulnerabilities: Advanced Exploitation Guide Exploiting JWT Vulnerabilities: Advanced Exploitation Guide

• openapi-fuzzer: Black-box Fuzzer for OpenAPI Specifications openapi-fuzzer: Black-box Fuzzer for OpenAPI Specifications

• CATS: REST API Fuzzer and Negative Testing Tool CATS: REST API Fuzzer and Negative Testing Tool

• RESTler: Stateful REST API Fuzzing Tool RESTler: Stateful REST API Fuzzing Tool

• BFLA: Broken Function Level Authorization BFLA: Broken Function Level Authorization

• API Gateway Authorizers: Vulnerable By Design API Gateway Authorizers: Vulnerable By Design

• HTTP Request Smuggling in API Gateways HTTP Request Smuggling in API Gateways

• Kong API Gateway Misconfigurations: A Security Case Study Kong API Gateway Misconfigurations: A Security Case Study

• Swagger-EZ: Pentesting APIs Using OpenAPI Definitions Swagger-EZ: Pentesting APIs Using OpenAPI Definitions

• APIDetector: Scan for Exposed Swagger Endpoints APIDetector: Scan for Exposed Swagger Endpoints

• Autoswagger: Automated Discovery and Testing of OpenAPI and Swagger Endpoints Autoswagger: Automated Discovery and Testing of OpenAPI and Swagger Endpoints

• Swagger Jacker: Auditing OpenAPI Definition Files Swagger Jacker: Auditing OpenAPI Definition Files

• PayloadsAllTheThings: API Key Leaks PayloadsAllTheThings: API Key Leaks

• State of Secrets: 28 Million Credentials Leaked on GitHub in 2025 State of Secrets: 28 Million Credentials Leaked on GitHub in 2025

• Bypassing Rate Limits: All Known Techniques Bypassing Rate Limits: All Known Techniques

• Rate Limit Bypass - HackTricks Rate Limit Bypass - HackTricks

• Hacking APIs: Bypassing Rate Limiting Hacking APIs: Bypassing Rate Limiting

• What is Mass Assignment? Attacks and Security Tips What is Mass Assignment? Attacks and Security Tips

• API Security 101: Mass Assignment and Exploitation in the Wild API Security 101: Mass Assignment and Exploitation in the Wild

• What is BOLA? 3-digit bounty from Topcoder What is BOLA? 3-digit bounty from Topcoder

• API1:2023 Broken Object Level Authorization API1:2023 Broken Object Level Authorization

• Exposing a New BOLA Vulnerability in Grafana Exposing a New BOLA Vulnerability in Grafana

• API Exploitation For Bug Bounty API Exploitation For Bug Bounty

• API Penetration Testing Roadmap (2025) API Penetration Testing Roadmap (2025)

• API Security Testing Tool Checklist (2026) API Security Testing Tool Checklist (2026)

• GraphQL Security Best Practices: A Developer's Guide GraphQL Security Best Practices: A Developer's Guide

• OWASP API Security Top 10 Risks OWASP API Security Top 10 Risks

• API Security Reality Check: Q2 2025 API ThreatStats Report API Security Reality Check: Q2 2025 API ThreatStats Report

• GraphQL Security Testing: Complete Guide GraphQL Security Testing: Complete Guide

• Common API Security Vulnerabilities & Solutions (2026 Guide) Common API Security Vulnerabilities & Solutions (2026 Guide)

• Introduction - OWASP Top 10:2025 Introduction - OWASP Top 10:2025

• OWASP Top 10:2025 OWASP Top 10:2025

• API Security Risks: The 10 Most Exploited in 2026 API Security Risks: The 10 Most Exploited in 2026

• What Are the OWASP Top 10 API Security Risks? - Akamai What Are the OWASP Top 10 API Security Risks? - Akamai

• OWASP API Security Top 10 (2025) Guide with Tests OWASP API Security Top 10 (2025) Guide with Tests

• OWASP Top 10 2025: What's Changed and Why OWASP Top 10 2025: What's Changed and Why

• Top 10 OWASP API Security in 2026 Top 10 OWASP API Security in 2026

• OWASP Top Ten 2025: Key Security Risks for APIs OWASP Top Ten 2025: Key Security Risks for APIs

• OWASP API Security: Top 10 Risks & Remedies for 2026 OWASP API Security: Top 10 Risks & Remedies for 2026

Fuzzing (+41)

• Getting Started with Python Fuzzing Using Atheris Getting Started with Python Fuzzing Using Atheris

• Unleashing Medusa: Smart Contract Fuzzing Unleashing Medusa: Smart Contract Fuzzing

• Mastering Boofuzz: From Basics to Advanced Mastering Boofuzz: From Basics to Advanced

• cargo-fuzz - Testing Handbook cargo-fuzz - Testing Handbook

• LLM-Based Harness Synthesis for Unfuzzed Projects LLM-Based Harness Synthesis for Unfuzzed Projects

• HyperHook: A Harnessing Framework for Nyx HyperHook: A Harnessing Framework for Nyx

• Practical Jazzer for the Snazzy Fuzzer Practical Jazzer for the Snazzy Fuzzer

• Jazzer + LibAFL: Java Fuzzing Insights Jazzer + LibAFL: Java Fuzzing Insights

• Unlocking Java Fuzzing with Jazzer Unlocking Java Fuzzing with Jazzer

• LibAFL - Testing Handbook LibAFL - Testing Handbook

• Fuzzing Rust Using Cargo-libafl Fuzzing Rust Using Cargo-libafl

• LibAFL Tutorial LibAFL Tutorial

• G2Fuzz: Grammar-Aware Fuzzing with LLMs G2Fuzz: Grammar-Aware Fuzzing with LLMs

• Bugs That Survive Continuous Fuzzing Bugs That Survive Continuous Fuzzing

• Fuzzing Web Apps using FFUF: Complete Guide Fuzzing Web Apps using FFUF: Complete Guide

• FFUF Mastery: Advanced Web Fuzzing FFUF Mastery: Advanced Web Fuzzing

• Looking for RCE Bugs in the Linux Kernel Looking for RCE Bugs in the Linux Kernel

• Syzkaller Summer: Fixing False Positive Soft Lockups in net/sched Syzkaller Summer: Fixing False Positive Soft Lockups in net/sched

• Writing Harnesses - Testing Handbook Writing Harnesses - Testing Handbook

• Secrets of Effective Fuzzing Harnesses Secrets of Effective Fuzzing Harnesses

• Beginner's Guide to Writing a Fuzzing Harness Beginner's Guide to Writing a Fuzzing Harness

• The Art of Fuzzing: Harnessing Libraries The Art of Fuzzing: Harnessing Libraries

• AFL++ - Testing Handbook AFL++ - Testing Handbook

• AFL++ Tutorials AFL++ Tutorials

• Fuzzing with AFL++: Exercise 1 (simple_crash) Fuzzing with AFL++: Exercise 1 (simple_crash)

• Fuzzing in Smart City IoT Ecosystems Fuzzing in Smart City IoT Ecosystems

• Multi-target Coverage-based Greybox Fuzzer Multi-target Coverage-based Greybox Fuzzer

• A Gentle Introduction to Linux Kernel Fuzzing A Gentle Introduction to Linux Kernel Fuzzing

• Fuzzing Cheat Sheet: AFL++, libFuzzer, Boofuzz, WinDBG, Ghidra Fuzzing Cheat Sheet: AFL++, libFuzzer, Boofuzz, WinDBG, Ghidra

• Fuzzing: What Are the Latest Developments? Fuzzing: What Are the Latest Developments?

• A Survey of Kernel Fuzzing A Survey of Kernel Fuzzing

• Step-by-Step Guide to Coverage-Guided Fuzzing with libFuzzer Step-by-Step Guide to Coverage-Guided Fuzzing with libFuzzer

• Fuzzing: Brute Force Vulnerability Discovery - ACM Fuzzing: Brute Force Vulnerability Discovery - ACM

• Fuzzing Vulnerability Discovery Techniques - ACM Fuzzing Vulnerability Discovery Techniques - ACM

• Vulnerability Discovery in ICS Using Fuzzing Vulnerability Discovery in ICS Using Fuzzing

• A Directed Greybox Fuzzer for Windows Applications A Directed Greybox Fuzzer for Windows Applications

• GRLFuzz: Optimizing Mutation Strategies with Reinforcement Learning GRLFuzz: Optimizing Mutation Strategies with Reinforcement Learning

• Fuzzing Vulnerability Discovery Techniques: Survey and Future Directions Fuzzing Vulnerability Discovery Techniques: Survey and Future Directions

• Ultimate Guide to Fuzzing and Exploit Development Ultimate Guide to Fuzzing and Exploit Development

• Mastering Fuzzing For Vulnerability Research: A Practical Guide Mastering Fuzzing For Vulnerability Research: A Practical Guide

• Revolutionizing Vulnerability Discovery with AI-Powered Fuzzing Revolutionizing Vulnerability Discovery with AI-Powered Fuzzing

Supply Chain (+40)

• DPRK Threat Actor Compromises Axios NPM Package DPRK Threat Actor Compromises Axios NPM Package

• 16 Minutes to Impact: npm crypto-draining malware 16 Minutes to Impact: npm crypto-draining malware

• Widespread npm Supply Chain Attack: Billions at Risk Widespread npm Supply Chain Attack: Billions at Risk

• npm Supply Chain Attack: debug, chalk, and Beyond npm Supply Chain Attack: debug, chalk, and Beyond

• The Nx s1ngularity Attack: Inside the Credential Leak The Nx s1ngularity Attack: Inside the Credential Leak

• s1ngularity: Nx supply chain attack leaks secrets s1ngularity: Nx supply chain attack leaks secrets

• CISA 2025 Minimum Elements for SBOM CISA 2025 Minimum Elements for SBOM

• SLSA 3 Compliance with GitHub Actions and Sigstore SLSA 3 Compliance with GitHub Actions and Sigstore

• cosign Verification of npm Provenance and GitHub Attestations cosign Verification of npm Provenance and GitHub Attestations

• Securing CI/CD After tj-actions and reviewdog Attacks Securing CI/CD After tj-actions and reviewdog Attacks

• GitHub Actions Supply Chain Attack: Coinbase to tj-actions GitHub Actions Supply Chain Attack: Coinbase to tj-actions

• tj-actions/changed-files supply chain attack tj-actions/changed-files supply chain attack

• tj-actions/changed-files compromise (CVE-2025-30066) tj-actions/changed-files compromise (CVE-2025-30066)

• XZ Backdoor CVE-2024-3094 - JFrog XZ Backdoor CVE-2024-3094 - JFrog

• xz Backdoor CVE-2024-3094 - OpenSSF xz Backdoor CVE-2024-3094 - OpenSSF

• XZ Utils backdoor (CVE-2024-3094) overview XZ Utils backdoor (CVE-2024-3094) overview

• Ultralytics PyPI package delivers coinminer Ultralytics PyPI package delivers coinminer

• Supply-chain attack analysis: Ultralytics Supply-chain attack analysis: Ultralytics

• GitLab discovers widespread npm supply chain attack GitLab discovers widespread npm supply chain attack

• Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages

• Shai-Hulud npm supply chain attack overview Shai-Hulud npm supply chain attack overview

• Shai-Hulud Worm Compromises npm Ecosystem Shai-Hulud Worm Compromises npm Ecosystem

• Shai-Hulud 2.0: 25K+ Repos Exposed Shai-Hulud 2.0: 25K+ Repos Exposed

• Shai-Hulud 2.0: Detection and Defense Guidance Shai-Hulud 2.0: Detection and Defense Guidance

• Shai-Hulud 2.0 npm worm: analysis Shai-Hulud 2.0 npm worm: analysis

• Supply Chain Attacks Are Exploiting Our Assumptions Supply Chain Attacks Are Exploiting Our Assumptions

• Protecting Your Software Supply Chain: Typosquatting and Dependency Confusion Protecting Your Software Supply Chain: Typosquatting and Dependency Confusion

• LiteLLM PyPI Packages Compromised in TeamPCP Supply Chain Attacks LiteLLM PyPI Packages Compromised in TeamPCP Supply Chain Attacks

• Supply-Chain Attack Defense: Developer Host Machine Hardening Supply-Chain Attack Defense: Developer Host Machine Hardening

• TeamPCP Credential Infostealer Chain Attack Reaches Python's LiteLLM TeamPCP Credential Infostealer Chain Attack Reaches Python's LiteLLM

• Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers

• N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

• The Next Wave of Supply Chain Attacks: NPM, PyPI, and Docker Hub The Next Wave of Supply Chain Attacks: NPM, PyPI, and Docker Hub

• PyPI, npm, and the New Frontline of Software Supply Chain Attacks PyPI, npm, and the New Frontline of Software Supply Chain Attacks

• Malicious PyPI and npm Packages Exploiting Dependencies in Supply Chain Attacks Malicious PyPI and npm Packages Exploiting Dependencies in Supply Chain Attacks

• Supply Chain Attack: How Attackers Weaponize Software Supply Chain Attack: How Attackers Weaponize Software

• 2026 Supply Chain Security Report: Attack Analysis 2026 Supply Chain Security Report: Attack Analysis

• Securing Software Supply Chains: 2026 Priorities Securing Software Supply Chains: 2026 Priorities

• 2026 Software Supply Chain Report 2026 Software Supply Chain Report

• Supply Chain Attacks 2025-2026: Axios, Shai-Hulud, and More Supply Chain Attacks 2025-2026: Axios, Shai-Hulud, and More

AuthZ (+39)

• RBAC vs ABAC vs PBAC - Styra RBAC vs ABAC vs PBAC - Styra

• Policy as Code: Fine-Grained Authorization Policy as Code: Fine-Grained Authorization

• Policy Engine Showdown: OPA vs OpenFGA vs Cedar Policy Engine Showdown: OPA vs OpenFGA vs Cedar

• ReBAC Authorization Academy - Oso ReBAC Authorization Academy - Oso

• RBAC vs ABAC vs PBAC - Oso RBAC vs ABAC vs PBAC - Oso

• RBAC vs ABAC vs ReBAC - Oso RBAC vs ABAC vs ReBAC - Oso

• Fine Grained Authorization using SpiceDB for RAG Fine Grained Authorization using SpiceDB for RAG

• Relationship-Based Permissions in SpiceDB Relationship-Based Permissions in SpiceDB

• Introduction to Google Zanzibar Introduction to Google Zanzibar

• OpenFGA: Open-Source Engine for Access Control OpenFGA: Open-Source Engine for Access Control

• Announcing OpenFGA Announcing OpenFGA

• Authorization Concepts - OpenFGA Authorization Concepts - OpenFGA

• Cedar Policy Language Complete Guide Cedar Policy Language Complete Guide

• Amazon Verified Permissions - Cedar Amazon Verified Permissions - Cedar

• Cedar Policy Language Reference Cedar Policy Language Reference

• Basic ABAC with OPA and Rego - AWS Basic ABAC with OPA and Rego - AWS

• OPA Rego Language Tutorial OPA Rego Language Tutorial

• What is Open Policy Agent (OPA)? What is Open Policy Agent (OPA)?

• OPA: Best Practices for Secure Deployment - CNCF OPA: Best Practices for Secure Deployment - CNCF

• Kubernetes RBAC Best Practices Kubernetes RBAC Best Practices

• Kubernetes RBAC Good Practices Kubernetes RBAC Good Practices

• NIST SP 800-162: Guide to ABAC NIST SP 800-162: Guide to ABAC

• Authorization Testing Automation Cheat Sheet - OWASP Authorization Testing Automation Cheat Sheet - OWASP

• Access Control Cheat Sheet - OWASP Access Control Cheat Sheet - OWASP

• Authorization Cheat Sheet - OWASP Authorization Cheat Sheet - OWASP

• BLA9:2025 Broken Access Control - OWASP BLA9:2025 Broken Access Control - OWASP

• Broken Access Control: 40% Surge in 2025 Broken Access Control: 40% Surge in 2025

• Defending Against Broken Access Control Defending Against Broken Access Control

• Broken Access Control A01:2025 Complete Guide Broken Access Control A01:2025 Complete Guide

• Why Broken Access Control Dominates OWASP Top 10 in 2026 Why Broken Access Control Dominates OWASP Top 10 in 2026

• Broken Access Control: How to Detect and Prevent Broken Access Control: How to Detect and Prevent

• OWASP A01: Broken Access Control Risks and Prevention OWASP A01: Broken Access Control Risks and Prevention

• OWASP-TOP-10 A01:2025 Broken Access Control OWASP-TOP-10 A01:2025 Broken Access Control

• OpenClaw: Authorization Bypass and Privilege Escalation OpenClaw: Authorization Bypass and Privilege Escalation

• CVE-2025-67274: Broken Access Control in aangine CVE-2025-67274: Broken Access Control in aangine

• CVE-2026-33312: BOLA in Vikunja CVE-2026-33312: BOLA in Vikunja

• BOLA Vulnerability - Vulnsy BOLA Vulnerability - Vulnsy

• BOLA: API Attack & Prevention - StackHawk BOLA: API Attack & Prevention - StackHawk

• What is BOLA - Imperva What is BOLA - Imperva

Talks (+19)

• BSidesSLC 2026 BSidesSLC 2026

• Approov Events and Conferences Approov Events and Conferences

• OWASP Global AppSec USA 2025 - CFP OWASP Global AppSec USA 2025 - CFP

• OWASP Global AppSec EU 2025 - GenAI Focus OWASP Global AppSec EU 2025 - GenAI Focus

• OWASP Global AppSec EU 2025 (Barcelona) OWASP Global AppSec EU 2025 (Barcelona)

• OWASP Global AppSec USA 2025 (Washington DC) OWASP Global AppSec USA 2025 (Washington DC)

• OWASP Global & Regional Events OWASP Global & Regional Events

• OWASP AppSec Days Developer Security Summit OWASP AppSec Days Developer Security Summit

• OWASP 25th Anniversary Virtual Conference OWASP 25th Anniversary Virtual Conference

• AppSec & Cybersecurity Events Calendar 2026: 60+ Conferences AppSec & Cybersecurity Events Calendar 2026: 60+ Conferences

• Annual Computer Security Applications Conference Annual Computer Security Applications Conference

• GPSEC Cybersecurity Conference GPSEC Cybersecurity Conference

• IEEE Symposium on Security and Privacy 2026 IEEE Symposium on Security and Privacy 2026

• The Elephant in AppSec Conference The Elephant in AppSec Conference

• RSA Conference 2026 RSA Conference 2026

• Cybersecurity Conferences 2026-2027 Cybersecurity Conferences 2026-2027

• NDC Security 2026 NDC Security 2026

• The Best Security Conferences & Events 2026 The Best Security Conferences & Events 2026

• LASCON – Lonestar Application Security Conference LASCON – Lonestar Application Security Conference

Python (+18)

• Python CVE Details Python CVE Details

• Python Security Vulnerabilities CVE Database Python Security Vulnerabilities CVE Database

• Picklescan Allows RCE via Malicious Pickle File Picklescan Allows RCE via Malicious Pickle File

• CVE-2025-56005: PLY RCE Vulnerability CVE-2025-56005: PLY RCE Vulnerability

• Multi-Stage Malware Attack on Python Package Index Multi-Stage Malware Attack on Python Package Index

• CVE-2025-1716 Sonatype Security Advisory CVE-2025-1716 Sonatype Security Advisory

• Picklescan Fails to Detect Unsafe Globals Advisory Picklescan Fails to Detect Unsafe Globals Advisory

• CVE-2025-1716: Picklescan Analysis Bypass RCE CVE-2025-1716: Picklescan Analysis Bypass RCE

• Critical Python PLY Library Vulnerability Enables RCE Critical Python PLY Library Vulnerability Enables RCE

• CVE-2025-56005: Python PLY Flaw Enables Remote Code Execution CVE-2025-56005: Python PLY Flaw Enables Remote Code Execution

• CVE Search: Python CVE Search: Python

• Python CVE Details Python CVE Details

• Python Security Vulnerabilities & Risk Score Python Security Vulnerabilities & Risk Score

• Top 10 High-Risk Vulnerabilities Of 2025 Exploited in the Wild Top 10 High-Risk Vulnerabilities Of 2025 Exploited in the Wild

• Python Security Vulnerabilities in 2026 Python Security Vulnerabilities in 2026

• RCE With Modern AI/ML Formats and Python Libraries RCE With Modern AI/ML Formats and Python Libraries

• Critical PickleScan Vulnerabilities Expose AI Model Supply Chains Critical PickleScan Vulnerabilities Expose AI Model Supply Chains

• How a Poisoned Security Scanner Backdoored LiteLLM How a Poisoned Security Scanner Backdoored LiteLLM

Bug Bounty (+16)

• Automate Recon and Detect Subdomain Takeovers Automate Recon and Detect Subdomain Takeovers

• Writeups - Pentester Land Writeups - Pentester Land

• The Unfiltered 2025 Guide to Web Pentesting & Bug Bounties The Unfiltered 2025 Guide to Web Pentesting & Bug Bounties

• Bug Bounty Hunter Software in 2026: What Belongs in Your Stack Bug Bounty Hunter Software in 2026: What Belongs in Your Stack

• How I'd Start Bug Bounty Hunting in 2026: A 90-Day Plan How I'd Start Bug Bounty Hunting in 2026: A 90-Day Plan

• Backend Mastery: The Real Bug Bounty Superpower (2026) Backend Mastery: The Real Bug Bounty Superpower (2026)

• Fix Your Bug Bounty Strategy: The 2026 Blueprint Fix Your Bug Bounty Strategy: The 2026 Blueprint

• How I Started a Bug-Bounty Career in 2026 How I Started a Bug-Bounty Career in 2026

• Bug Bounty Hunting Methodology 2025 - Amr Elsagaei Bug Bounty Hunting Methodology 2025 - Amr Elsagaei

• Bug Bounty Hunting in 2026 - DEV Community Bug Bounty Hunting in 2026 - DEV Community

• Getting Started With Bug Bounties: 2026 Guide - Coursera Getting Started With Bug Bounties: 2026 Guide - Coursera

• A Beginner's Guide to Bug Bounties A Beginner's Guide to Bug Bounties

• Bug Bounty Hunting Methodology 2025 - Phirojshah Bug Bounty Hunting Methodology 2025 - Phirojshah

• Bug Bounty 101: Complete Roadmap for Beginners (2026) Bug Bounty 101: Complete Roadmap for Beginners (2026)

• Bug Bounty Methodology Version 2025 Bug Bounty Methodology Version 2025

• 31 Bite-Sized Tips and Bug Bounty Resources for 2026 31 Bite-Sized Tips and Bug Bounty Resources for 2026

Recon (+15)

• Recon Roundup: Ultimate Reconnaissance Guide Recon Roundup: Ultimate Reconnaissance Guide

• From Recon to Report: Complete Workflow 2025 From Recon to Report: Complete Workflow 2025

• Mastering Recon in Bug Bounty: Advanced Techniques 2025 Mastering Recon in Bug Bounty: Advanced Techniques 2025

• 0-Day Hunting Guide: Recon Techniques Nobody Talks About 0-Day Hunting Guide: Recon Techniques Nobody Talks About

• Recon to Master: Complete Bug Bounty Checklist Recon to Master: Complete Bug Bounty Checklist

• Awesome Bug Bounty Tools - GitHub Awesome Bug Bounty Tools - GitHub

• Automating Subdomain Enumeration: Tools and Techniques at Scale Automating Subdomain Enumeration: Tools and Techniques at Scale

• Ultimate Guide to Subdomain Enumeration for Bug Bounty Ultimate Guide to Subdomain Enumeration for Bug Bounty

• Amass Cheat Sheet: 70+ Commands for Recon & Bug Bounty Amass Cheat Sheet: 70+ Commands for Recon & Bug Bounty

• The Complete Bug Bounty Recon Playbook: 2025 Edition The Complete Bug Bounty Recon Playbook: 2025 Edition

• Master Bug Bounty Hunting with Top Recon Tools Master Bug Bounty Hunting with Top Recon Tools

• Recon for Bug Bounty: 8 Essential Tools Recon for Bug Bounty: 8 Essential Tools

• Bug Bounty 101: Top 10 Reconnaissance Tools Bug Bounty 101: Top 10 Reconnaissance Tools

• 2025 Bug Bounty Methodology and Persistent Recon 2025 Bug Bounty Methodology and Persistent Recon

• Bug Bounty Recon Methodology 2025 - GitHub Bug Bounty Recon Methodology 2025 - GitHub

OSINT (+15)

• OWASP OSINT Resources OWASP OSINT Resources

• OSINT Framework - GeeksforGeeks OSINT Framework - GeeksforGeeks

• Top 10 OSINT Tools and Software for 2026 Top 10 OSINT Tools and Software for 2026

• How to Conduct Investigations Using OSINT & Maltego How to Conduct Investigations Using OSINT & Maltego

• 8 Best OSINT Tools (Paid & Free) in 2025 8 Best OSINT Tools (Paid & Free) in 2025

• AI-Driven Reconnaissance Tools You Should Know AI-Driven Reconnaissance Tools You Should Know

• Best OSINT Tools for Cybersecurity and Investigations 2026 Best OSINT Tools for Cybersecurity and Investigations 2026

• Best Open Source Windows OSINT Tools 2026 Best Open Source Windows OSINT Tools 2026

• Top 10 OSINT Tools 2026 - DevOpsSchool Top 10 OSINT Tools 2026 - DevOpsSchool

• Open Source Intelligence GitHub Topics Open Source Intelligence GitHub Topics

• 13 Best OSINT Tools for 2025 13 Best OSINT Tools for 2025

• Top 10 Open Source Intelligence Tools 2026 Top 10 Open Source Intelligence Tools 2026

• 9 Top OSINT Tools & How to Evaluate Them 9 Top OSINT Tools & How to Evaluate Them

• Best OSINT Tools for Intelligence Gathering (2026) Best OSINT Tools for Intelligence Gathering (2026)

• OSINT Bible: Comprehensive 2026 Guide OSINT Bible: Comprehensive 2026 Guide

Burp Suite (+14)

• Burp Suite Certified Practitioner Guide 2026 Burp Suite Certified Practitioner Guide 2026

• Top 10 Burp Extensions Every Pentester Should Use Top 10 Burp Extensions Every Pentester Should Use

• Burp AI in 2026: Real Workflow Changes Burp AI in 2026: Real Workflow Changes

• Burp Suite Reviews 2026 Burp Suite Reviews 2026

• Burp Suite Professional 2026.1 Release Burp Suite Professional 2026.1 Release

• Burp Suite Professional 2025.5 Release Burp Suite Professional 2025.5 Release

• 10 Burp Suite Extensions That Will Instantly Boost Your Work 10 Burp Suite Extensions That Will Instantly Boost Your Work

• How Burp Suite DAST Is Leveling Up Enterprise Security in 2025 How Burp Suite DAST Is Leveling Up Enterprise Security in 2025

• Burp Suite Professional 2025.2: Built-in AI Integration Burp Suite Professional 2025.2: Built-in AI Integration

• 100+ Burp Suite Online Courses for 2026 100+ Burp Suite Online Courses for 2026

• Burp Suite AI Extension for Pentester Burp Suite AI Extension for Pentester

• Burp Suite Goes AI: Revolutionizing Web Pentesting Burp Suite Goes AI: Revolutionizing Web Pentesting

• Burp Suite Integration for Neuron Burp Suite Integration for Neuron

• The Future of Pentesting: Burp Suite + Cursor AI The Future of Pentesting: Burp Suite + Cursor AI

XXE (+14)

• XXE in Apache Struts CVE-2025-68493 XXE in Apache Struts CVE-2025-68493

• PortSwigger Blind XXE Lab Write-up PortSwigger Blind XXE Lab Write-up

• Out-of-Band XXE Attack with Sensitive Data Exfiltration Out-of-Band XXE Attack with Sensitive Data Exfiltration

• Advanced XXE Exploitation: File Disclosure, Blind OOB, and RCE Advanced XXE Exploitation: File Disclosure, Blind OOB, and RCE

• XXE Injection Overview XXE Injection Overview

• Stop Trusting Your XML Parser: Deep Dive into XXE Stop Trusting Your XML Parser: Deep Dive into XXE

• Exploiting Blind XXE: Data Exfiltration Through External DTD Exploiting Blind XXE: Data Exfiltration Through External DTD

• PortSwigger XXE Injection Writeups PortSwigger XXE Injection Writeups

• Blind XXE Lab: Exfiltrate Data Using Malicious External DTD Blind XXE Lab: Exfiltrate Data Using Malicious External DTD

• XML External Entity - GeeksforGeeks XML External Entity - GeeksforGeeks

• Cisco ISE XXE Information Disclosure Cisco ISE XXE Information Disclosure

• XXE Injection: Advanced Exploitation Guide XXE Injection: Advanced Exploitation Guide

• XXE Complete Guide: Impact, Examples, and Prevention XXE Complete Guide: Impact, Examples, and Prevention

• CVE-2025-49493: XXE in Akamai CloudTest CVE-2025-49493: XXE in Akamai CloudTest

CSRF (+13)

• Web Application Security: Anti-CSRF & Cookie SameSite Options Web Application Security: Anti-CSRF & Cookie SameSite Options

• CSRF Protection - Clerk Docs CSRF Protection - Clerk Docs

• Preventing CSRF with the SameSite Cookie Attribute Preventing CSRF with the SameSite Cookie Attribute

• CSRF Attacks: Bypassing SameSite Cookies CSRF Attacks: Bypassing SameSite Cookies

• Advanced CSRF: How to Bypass SameSite Cookie Protections Advanced CSRF: How to Bypass SameSite Cookie Protections

• CSRF & Bypasses - Cobalt CSRF & Bypasses - Cobalt

• Cross-site request forgery - Wikipedia Cross-site request forgery - Wikipedia

• CSRF - OWASP Foundation CSRF - OWASP Foundation

• CSRF: Cross Site Request Forgery Example - Imperva CSRF: Cross Site Request Forgery Example - Imperva

• CWE-352: Cross-Site Request Forgery CWE-352: Cross-Site Request Forgery

• What Is CSRF? - Palo Alto Networks What Is CSRF? - Palo Alto Networks

• What is CSRF? Attacks, Mitigation, Prevention - Acunetix What is CSRF? Attacks, Mitigation, Prevention - Acunetix

• CSRF Attacks - Rapid7 CSRF Attacks - Rapid7

GraphQL (+13)

• Common Attacks on REST APIs and GraphQL APIs Common Attacks on REST APIs and GraphQL APIs

• GraphQL API Security: Common Vulnerabilities and Exploits GraphQL API Security: Common Vulnerabilities and Exploits

• GraphQL Security Testing: Introspection Abuse, Injection, and DoS GraphQL Security Testing: Introspection Abuse, Injection, and DoS

• Hacking (and Securing) GraphQL Hacking (and Securing) GraphQL

• GraphQL API Vulnerabilities - PortSwigger GraphQL API Vulnerabilities - PortSwigger

• GraphQL Attacks and Vulnerabilities GraphQL Attacks and Vulnerabilities

• How a GraphQL Bug Resulted in Authentication Bypass How a GraphQL Bug Resulted in Authentication Bypass

• Top GraphQL Security Vulnerabilities: Analyzing 1,500+ Endpoints Top GraphQL Security Vulnerabilities: Analyzing 1,500+ Endpoints

• GraphQL API Security Risks Every Developer Should Know GraphQL API Security Risks Every Developer Should Know

• GraphQL API Vulnerabilities and Common Attacks GraphQL API Vulnerabilities and Common Attacks

• Exploiting Broken Access Control on GraphQL Exploiting Broken Access Control on GraphQL

• GraphQL Security: 7 Common Vulnerabilities and Mitigations GraphQL Security: 7 Common Vulnerabilities and Mitigations

• GraphQL Security Flaws and Exploitation GraphQL Security Flaws and Exploitation

IDOR (+13)

• IDOR - PortSwigger Web Security IDOR - PortSwigger Web Security

• IDOR - OWASP Foundation IDOR - OWASP Foundation

• Learn about IDOR - BugBountyHunter.com Learn about IDOR - BugBountyHunter.com

• How-To: Find IDOR Vulnerabilities for Large Bounty Rewards How-To: Find IDOR Vulnerabilities for Large Bounty Rewards

• Bug Bounty Hunting: Insecure Direct Object References Bug Bounty Hunting: Insecure Direct Object References

• How I Found Easy IDOR: Bug Bounty Writeup How I Found Easy IDOR: Bug Bounty Writeup

• HackerOne Report: IDOR Allows Viewing HackerOne Report: IDOR Allows Viewing

• IDOR Prevention Cheat Sheet IDOR Prevention Cheat Sheet

• IDOR Writeup TryHackMe IDOR Writeup TryHackMe

• What is IDOR? Complete Guide What is IDOR? Complete Guide

• IDOR - MDN Web Security IDOR - MDN Web Security

• Flowise IDOR & Business Logic Flaw (CVE-2025) Flowise IDOR & Business Logic Flaw (CVE-2025)

• Insecure Direct Object Reference (IDOR) - A Deep Dive Insecure Direct Object Reference (IDOR) - A Deep Dive

SQLi (+12)

• SQL Injection in 2026: It Took One Apostrophe SQL Injection in 2026: It Took One Apostrophe

• How to Learn SQL Injection Step by Step How to Learn SQL Injection Step by Step

• Advanced SQL Injection Techniques in Modern Web Apps Advanced SQL Injection Techniques in Modern Web Apps

• Bypassing WAF with Adversarial SQL Bypassing WAF with Adversarial SQL

• WAF Bypass Using JSON-Based SQL Injection Attacks WAF Bypass Using JSON-Based SQL Injection Attacks

• SQL Injection Security Vulnerabilities SQL Injection Security Vulnerabilities

• CVE Search: SQL Injection CVE Search: SQL Injection

• SQL Injection - OWASP SQL Injection - OWASP

• SQL Injection Tutorial & Examples - PortSwigger SQL Injection Tutorial & Examples - PortSwigger

• CVE-2026-26116: SQL Server SQL Injection CVE-2026-26116: SQL Server SQL Injection

• SQL Injection 2025 Advanced Exploitation & Defense Guide SQL Injection 2025 Advanced Exploitation & Defense Guide

• CVE-2025-25257: Critical SQLi in Fortinet FortiWeb CVE-2025-25257: Critical SQLi in Fortinet FortiWeb

---

Browse all resources at appsec.fyi | Changelog | Explore Topics