Bug bounty hunter Alex Brumen explains how to detect and exploit syntax confusion in real web apps, recounts how he turned an SSRF and a blind file read into a full arbitrary file read, and offers mitigation advice for ambiguous parsing exploits.
Learn about CVE-2025-29927, a critical vulnerability in Next.js that impacts authorization checks in middleware.
Unicode codepoint truncation - also called a Unicode overflow attack - happens when a server tries to store a Unicode character in a single byte. Because the maximum value of a byte is 255, an overflo
Stay updated on the latest PHP vulnerability advisory. Learn about the potential log tampering, file inclusion, and data integrity violations.
Scripts turn malicious, infect webpages after Chinese CDN swallows domain
Five vendors act to thwart generic hack