CVE-2026-33186 - A path normalization flaw in grpc-go v1.79.2 and earlier allows attackers to bypass path-based authorization interceptors by omitting the leading slash.

Some thoughts around Django SQL Injection CVE-2025-64459

AI-powered security scanning tool using agentic loops to hunt vulnerabilities - discovered 300+ issues in WordPress plugins with 12+ AI model support and DefectDojo integration.

This blog post will discuss about Eindhoven Quantifier Notation adopted by CodeQL

Code Execution via Java & Kotlin Deserialization in Android Application

A comprehensive writeup that helps to understand Heap Two exercise heap buffer overflow and Use-After-Free (UAF) vulnerability with learning resources.

A comprehensive writeup that helps to understand Heap One exercise heap buffer overflow vulnerability with learning resources.

A comprehensive writeup that helps to understand Heap Zero exercise heap buffer overflow vulnerability with learning resources.

A comprehensive writeup that helps to understand format-four exercise - format string vulnerability with learning resources.

A comprehensive writeup that helps to understand format-three exercise - format string vulnerability with learning resources.

A comprehensive writeup that helps to understand format-two exercise - format string vulnerability with learning resources.

A comprehensive writeup that helps to understand format one exercise format string vulnerability with learning resources.

A comprehensive writeup that helps to understand Zero Click Net-NTLMv2 Credential Hash on Outlook Client.

A comprehensive writeup on HackTheBox Active VM which helps learn and practice for OSCP Active Directory Track.

A comprehensive writeup that helps to understand Format Zero exercise format string vulnerability with learning resources.

A comprehensive writeup that helps to understand Stack Six exercise stack-overflow vulnerability with learning resources.

A comprehensive writeup on HackTheBox Jerry VM which helps learn and practice for OSCP.

A Index of HackTheBox OSCP Machine Writeups.

A comprehensive writeup on HackTheBox Bashed VM which helps learn and practice for OSCP.

Android Webview has multiple security configuration that may lead to security vulnerabilities. <br /> We'll take a deep dive into those webview configs, breakdown vulnerable configs and leverage semgrep to identify those pattern.

A comprehensive writeup that helps to understand Stack Five exercise stack-overflow vulnerability with learning resources.

A comprehensive writeup that helps to understand Stack Four exercise stack-overflow vulnerability with learning resources.

A comprehensive writeup that helps to understand Stack Three exercise stack-overflow vulnerability with learning resources.

A comprehensive writeup that helps to understand Stack Two exercise stack-overflow vulnerability with learning resources.

A comprehensive writeup that helps to understand Stack One exercise stack-overflow vulnerability with learning resources.

A comprehensive writeup that helps to understand Stack Zero exercise stack-overflow vulnerability with learning resources.

Basic exploit.education lab setup for memory corruption based security bugs

Interesting post on integer overflow while performing a basic binary search

Content provider APIs are powerful way to expose data to internal or external apps within Android ecosystem. However, there are lot of ways these APIs are implemented with flaws that leads to serious data leakage and even Remote code execution.

DOM Cross-Site Scripting attack on leetcode.com.

Strategies for securing expressjs server.