In our Adrian Denkiewicz's latest post, see how combining AFL++ with GPT-5 Codex sped up triaging the results from fuzzing NASA’s CFITSIO library and uncovered numerous vulnerabilities.
Introducing SafeUpdater by Michael Pastor - A security-first update framework for Electron apps, built around explicit threat models, integrity and authenticity guarantees, and real attack mitigations. Check it out today!
Dennis Goodlett's "Cracking Pickles With r2" presentation from radareorg's r2con2024 is now available online! If you're interested in learning about bypassing malicious pickle detection - check it out today!
CSRF in modern web apps? It's still possible! Our latest research by Maxence Schmitt dives into using Client-Side Path Traversal to perform CSRF. Check out our latest blogpost and brand new Burp extension for finding bugs.
PoIEx, a new Doyensec tool, identifies "Points of Intersection" where code & IaC definitions meet. Visualize & explore IaC, plus create & share real-time notes w/ teammates in VS Code. Try it out today‼
New feature drop! In addition to being able to visually interact with hijacked browsers, our Session Hijacking Visual Exploitation (SHVE) tool now includes the ability to seamlessly inject malicious macros into downloads of common file types.
As a result of research & coordinated disclosure by our Francesco Lacerenza, a new patch was released for the crewjam SAML #golang library. Affected versions (< 0.4.14) are vulnerable to cross-site scripting (XSS) on the IdP.
