Full-time bug bounty hunter who is willing to share everything he knows and how he does things.
Dec 17, 2025
•
2 min read
Gemini hacks, novel SAML auth bypasses, and Next.js middleware mutations.
Dec 10, 2025
3 min read
We're running a Christmas giveaway! Also, here's another heavy client-side issue waiting for you.
Dec 2, 2025
Google's Antigravity vulnerabilities, a dive into React internals for bugs, and Chrome exploitation.
Nov 26, 2025
In today's issue, we explore whether prompt injections are a real vulnerability and pop some universal XSS on an AI browser.
Nov 24, 2025
We have more AI hacking, which is great for expanding our view of this new attack surface, but hey, we also have good old SQL injection today! Yeah, SQLi is not dead.
Nov 21, 2025
4 min read
Client-side hacking via postMessage, the AssetNote team discovering another pre-auth RCE, and Gemini exploits.
