Technical writeup: Pre-auth RCE via command injection in Ubiquiti UniFi Access backup API. Discovered by Catchify Security.

Every application built on Firebase that we've looked at has had the same vulnerabilities. These common vulnerabilities aren’t hard to prevent but they're easy to overlook.

Happy Friday, friends and.. others.

We’re glad/sorry to hear that your week has been good/bad, and it’s the weekend/but at least it’s almost the weekend!


What’re We Doing Today, Mr Fox?

Today, in a tale that seems all too familar at this point,

Hello Bug Hunters!

Organizations are increasingly seeking platforms that prioritize quality over quantity, fast response times, and strict data compliance. Here are eight elements to consider when selecting your bug bounty provider.

What's Changed
Features & Improvements

Remove singletons from Nuclei engine (continuation of #6210) (#6296) by @hdm
Address race conditions in http.Request and MemGuardian (#6321) by @hdm
...

Learn how to identify and exploit JSON Web Token (JWT) vulnerabilities using several different testing methods. Read the article now!

Imagine discovering that your company's login credentials are sitting in plain sight on the internet, accessible to anyone who knows where to look. Unfortunately, this isn't hypothetical – it's happening right now to organizations worldwide through malware…

What's Changed

Fixed context leak in flow by @tarunKoyalwar in #6282

Other Changes

fixed log level mismatch by @knakul853 in #6271
fixed hex dump issue by @knakul853 in #6273
fix(headless): ...

What's Changed
Other Changes

Fixed issue with go install (github.com/zmap/zgrab2 v0.2.0 => v0.1.8) by @dwisiswant0 in #6295

Full Changelog: v3.4.6...v3.4.7

What's Changed
Other Changes

feat: fixed output event for skipped hosts by @Ice3man543 in #6415

Full Changelog: v3.4.8...v3.4.9

We are excited to announce the release of our new, native Jira integration for SonarQube Cloud, available for Team and Enterprise plans. This integration streamlines the development workflow by allowing users to create Jira issues from SonarQube findings…

What's Changed
Other Changes

fix: segfault in template caching logic by @dwisiswant0 in #6421

Full Changelog: v3.4.9...v3.4.10

We are excited to announce the release of our new, native Jira integration for SonarQube Cloud, available for Team and Enterprise plans. This integration streamlines the development workflow by allowing users to create Jira issues from SonarQube findings…

From Universal XSS to native library hijacking: A comprehensive guide to Android exploitation using WebViews, Intent abuse, and Zip Slip.

We are excited to announce the release of our new, native Jira integration for SonarQube Cloud, available for Team and Enterprise plans. This integration streamlines the development workflow by allowing users to create Jira issues from SonarQube findings…

Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Ab...

A retrospective on the $100M Balancer hack that occurred in November 2025, including long-term, strategic guidance on how to avoid similar bugs.

AI is transforming software development and turbocharging many aspects of a developer's daily work. But it’s also bringing new challenges to your teams: how do you maintain code quality and security standards as the volume of AI-generated code doubles, triples…

AI is transforming software development and turbocharging many aspects of a developer's daily work. But it’s also bringing new challenges to your teams: how do you maintain code quality and security standards as the volume of AI-generated code doubles, triples…