I like to break stuff | Web Vuln Research & CTF @ARESxCTF @aboutblankets

Joined February 2022
sebsrt retweeted
We published a new research article on the Chromium 146 Renderer Process! In this article, we start from the CVE-2026-3910 Maglev write barrier elision bug and walk through the full exploit chain: building a V8 heap R/W primitive via a GC-induced UAF, achieving an out-of-sandbox read using WebAssembly internals, abusing JSPI UAF and StackMemory / JumpBuffer, and ultimately reaching renderer process RCE. Our goal was to provide a structured explanation of how modern V8 exploitation works in practice, from compiler-level bug analysis to sandbox-boundary primitives and final code execution. Huge thanks to our team member @m411k_ for conducting this research! Check out the PoC! Full article: research.rewritelab.org/2026…
sebsrt retweeted
Shellcode execution as a service! To exploit an argument injection in Jellyfin, we searched and found a gadget in the .NET runtime to turn file writes into code execution. Learn about the bug and this new technique: sonarsource.com/blog/jellyfi… #appsec #security #vulnerability

sebsrt retweeted
🐘 PHP JPEG bugs: how image parsing leads to memory corruption. Our researcher Nikita Sveshnikov discovered two JPEG-related memory-safety bugs in PHP’s ext/standard: CVE-2025-14177 in getimagesize and a heap buffer overflow in iptcembed. swarm.ptsecurity.com/hack-th…
sebsrt retweeted
Big slay! maitai (@MaitaiThe) of Doyensec was able to exploit OpenAI Codex! If confirmed, they win $40,000 and 4 Master of Pwn points. They're off to the disclosure room for the deep dive. #Pwn2Own #P2OBerlin
sebsrt retweeted
NGINX rift: We autonomously discovered this 18 yr old heap overflow (CVE-2026-42945) in @nginx impacting version 0.6.27 to 1.30.0. If you use rewrite and set directive, you may be impacted! Please update your NGINX or change the config to mitigate it. Read more at depthfirst.com/nginx-rift
Running a Figma plugin is enough to land cross-platform zero-click RCE on Figma Desktop... Read the writeup on the Critical Research Lab lab.ctbb.show/research/figma… And thanks @Dav3nn for the incredible post, what an amazing chain! =)
sebsrt retweeted
MAD Bugs: Finding and Exploiting a 21-Year-Old Vulnerability in PHP @i0n1c was "the PHP security guy" twenty years ago, so we thought it'd be fun to welcome him with a fresh unserialize UAF. open.substack.com/pub/calif/…
sebsrt retweeted
And this makes sense given how many CTFs are held per year. However, the ideal CTF challenge, in my opinion, should follow this formula: "The author conducted a mini-research project and instead of publishing it, turned it into a challenge."
Feb 18
See you in Japan!
🔥SECCON CTF 14 International Finalists🔥 International Final round: Feb 28-Mar 1, 2026 (JST). See image for finalists. We look forward to welcoming all the teams in person. See you in Japan!🇯🇵 #SECCON
sebsrt retweeted
Hello! We’ve just launched a new wargame site called damn vulnerable web! It consists only of web challenges, primarily designed for intermediate to advanced players rather than beginners. We hope this wargame helps more people gain deeper and broader knowledge in web hacking :) For now, we’re planning to accept only 300 users initially for open beta testing and capacity checks. Starting from this tweet, we’ll gradually increase the number of allowed sign-ups each week. Your interest and support will be a huge help to our future activities. We’ll do our best to deliver even better work going forward. Thank you! Wargame site: wargame.rewritelab.org Join our Discord: discord.gg/wYAm2n4M4J
25 Oct 2025
TR.MRG HTTP Request Smuggling? author writeup for Trailing Danger - m0lecon 2026 teaser CTF 👉github.com/sebastianosrt/My-… I'll share more about trailer fields parsing vulnerabilities soon.
25 Aug 2025
I found that Python hyper-h2 didn't correctly validate headers, allowing HTTP/2 request splitting via CRLF injection on HTTP/1 downgrades. So any proxy that uses it (like mitmproxy) might be vulnerable. github.com/python-hyper/h2/s…