Intigriti Challenge 1125 - JWT Confusion to SSTI → RCE (My Fastest CTF Solve Ever)
https://savi0r.medium.com/intigriti-challenge-1125-jwt-confusion-to-ssti-rce-my-fastest-ctf-solve-ever-43d43df4182c
Medium
By: savi0r Date: November 2025 Duration: ~3 hours Result: Full Solve (JWT Admin Takeover → SSTI → RCE → Flag) Status: Completed
An Evening with Claude (Code) - SpecterOps
https://specterops.io/blog/2025/11/21/an-evening-with-claude-code/
SpecterOps
This blog post explores a bug, (CVE-2025-64755), I found while trying to find a command execution primitive within Claude Code to demonstrate the risks of web-hosted MCP to a client.
November CTF Challenge: Exploiting JWT vulnerabilities to achieve RCE
https://www.intigriti.com/researchers/blog/hacking-tools/november-ctf-challenge-exploiting-jwt-vulnerabilities
Intigriti
At Intigriti, we host monthly web-based Capture The Flag (CTF) challenges as a way to engage with the security research community. This month, we've decided to take on a challenge ourselves as a way t...
Sonar launches integration program to unify code governance across the SDLC
https://www.sonarsource.com/blog/sonar-launches-integration-program/
Sonarsource
We are thrilled to announce the launch of the Sonar Integration Program. This strategic initiative formalizes and expands our partner ecosystem, unifying SonarQube's integrations with leading technology partners under a single, comprehensive program.
How to Research & Reverse Web Vulnerabilities 101 - ProjectDiscovery Blog
https://projectdiscovery.io/blog/how-to-research-web-vulnerabilities
ProjectDiscovery
Introduction
This blog serves as a detailed methodology guide for analyzing, reversing, and researching web vulnerabilities, particularly those with CVEs assigned. The content outlines repeatable processes used to evaluate vague advisories, analyze vulnerable…
Apple Developer Stored XSS - $5,000 Bounty | Writeup 2025
https://medium.com/@ZombieHack/apple-developer-stored-xss-5-000-bounty-writeup-2025-cc34a030a5bf
Medium
Hello Security Researchers & Bug Bounty Community,
How I Hacked an AI Chatbot to Expose Thousands of Customer Records (IDOR + Prompt Injection)
https://medium.com/@sumitshahorg/how-i-hacked-an-ai-chatbot-to-expose-thousands-of-customer-records-idor-prompt-injection-760092ed99a4
Medium
Hey there, security enthusiasts and fellow hackers!
Introducing audit logs in SonarQube Cloud: Enhancing compliance and security
https://www.sonarsource.com/blog/introducing-audit-logs-in-sonarqube-cloud-enhancing-compliance-and-security/
Sonarsource
Enhance compliance and security with the new audit logs for SonarQube Cloud Enterprise plan. Get a chronological record of key IAM events, accessible via API to integrate with your SIEM tools.
Cache Poisoning: $100K+ Case Studies Part 1 | Herish Blog
https://herish.me/blog/cache-poisoning-case-studies-part-1-foundational-attacks/
herish.me
Dive into $100K+ cache poisoning vulnerabilities. Part 1 covers real-world attacks on HackerOne, GitHub, and Shopify. Read the analysis!
Nuclei Templates - November 2025 - ProjectDiscovery Blog
https://projectdiscovery.io/blog/nuclei-templates-november-2025
ProjectDiscovery
Summary of Releases v10.3.2 & v10.3.4
This month, we had two releases of Nuclei Templates, introducing numerous improvements and new templates for Nuclei users.
November Stats
Release
New Templates Added
CVEs Added
First-time Contributors
Bounties…
CSP Bypasses: Advanced Exploitation Guide
https://www.intigriti.com/researchers/blog/hacking-tools/content-security-policy-csp-bypasses
Intigriti
Learn how to identify and hunt for Content Security Policy (CSP) bypasses using multiple testing methods. Read the article now!
PortSwigger x TryHackMe: Supporting Advent of Cyber
https://portswigger.net/blog/portswigger-x-tryhackme-supporting-advent-of-cyber
SonarQube Compare Community vs Developer vs Enterprise vs Data Center
https://www.sonarsource.com/blog/sonarqube-compare-editions/
Sonarsource
SonarQube has emerged as a leading automated code review platform that empowers development teams to achieve a high level of code quality and code security.
How AI is leveraged to enhance the Intigriti platform.
https://www.intigriti.com/blog/news/how-ai-is-leveraged-to-enhance-the-intigriti-platform
Intigriti
How Intigriti uses the implementation of AI to solve three key business challenges relating to vulnerability submissions.
Introducing constant-time support for LLVM to protect cryptographic code
https://blog.trailofbits.com/2025/12/02/introducing-constant-time-support-for-llvm-to-protect-cryptographic-code/
The Trail of Bits Blog
Trail of Bits developed constant-time coding support for LLVM that prevents compilers from breaking cryptographic implementations vulnerable to timing attacks, introducing the __builtin_ct_select family of intrinsics that preserve constant-time properties…
Introducing Neo, an AI security engineer for complex security tasks - ProjectDiscovery Blog
https://projectdiscovery.io/blog/introducing-neo
ProjectDiscovery
Neo is a cloud-based AI security engineer that works alongside your team and takes on real security tasks like a true co-engineer. As it operates, it continuously learns your systems and processes, improving over time just like an engineer ramping up on your…
InQL v6.1.0 Just Landed with New Features and Contribution Swag! · Doyensec's Blog
https://blog.doyensec.com/2025/12/02/inql-v610.html
Doyensec
We are excited to announce a new release of our Burp Suite Extension - InQL v6.1.0! The complete re-write from Jython to Kotlin in our previous update (v6.0.0) laid the groundwork for us to start implementing powerful new features, and this update delivers…