I won't keep you in mystery any longer, here's how I found an XSS vulnerability *in* Shazzer! The chain involved some interesting browser techniques no sane developer could foresee. Check out the details below: jorianwoltjer.com/blog/p/stori... (and thanks @garethheyes.co.uk for making Shazzer!)

ICYMI: This week's show is up! @metlstorm.risky.biz and I were joined by our new podcast host @jameswilson.io to talk all about the Notepad++ supply chain compromise and the security angle on the Clawdbot/Moltbook fiasco: VIDEO: www.youtube.com/watch?v=W5hx... AUDIO: risky.biz/RB823

Found an interesting ruby bug, time to see if it impacts rails. Anyone want to collab?

The Pentium's microcode ROM holds 414,720 bits in total: 4608 micro-instructions. For more photos of the Pentium's microcode circuitry along with a detailed explanation, see my latest blog post: www.righto.com/2025/03/pent...

My latest blog post is live! Check your Ruby on Rails applications for the use of params[:_json] nastystereo.com/security/rai...

Ten years ago, I realised I needed to rewrite ActiveScan++ in Java. After putting it off for so long that artificial intelligence was literally able to do 90% of the work for me, I've done it! It's now available in the BApp store. Report issues and feature requests here -> github.com/albinowax/Ac...

Security researcher Luke Jahnke has published an escape for SafeMarshal, a new Ruby security gem that can be used to block deserialization attacks nastystereo.com/security/rub...

My latest blog post is live 🔥 Read it to learn what SafeMarshal is and *two* very different ways to escape and get RCE! Read it to find out why Date is *not* a safe class in Ruby or how to leverage serialized strings being constructed with string concatenation! nastystereo.com/security/rub...

I've just rewritten ActiveScan++ in Java to lay the foundation for some major enhancements. It's not in the BApp store yet but if you'd like to take it for a spin you can grab it here: github.com/albinowax/Ac...

🚨 CORS vulnerabilities in Go 🚨 Misusing strings.HasSuffix, Contains, or HasPrefix? You might be leaving the door wide open! 🔓 Learn how these patterns lead to bypasses 🐛👇 👉 pentesterlab.com/blog/golang-...

New blog post is up! Shiny Vulnerabilities in R's Most Popular Web Framework nastystereo.com/security/r-s... Turns out the programming language R is used for more than statistics, including web apps!

Not sure how I missed that, but we now actually have Ken Thompson's C compiler backdoor code from the classic "Reflections on Trusting Trust". An excellent writeup by @swtch.com - research.swtch.com/nih.

I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy! Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...

My latest blog post is live! nastystereo.com/security/cro... Read how to send a cross-site POST without including a Content-Type header (without CORS). It even works with navigator.sendBeacon

I just published a new blog post sharing an improved Deserialization Gadget Chain for Ruby! It builds on the work of others, including Leonardo Giovanni, @ulldma.bsky.social and @vakzz.bsky.social nastystereo.com/security/rub...