Tagged: Vulnerability Research
A vulnerability more than a decade old has been found in a prominent messaging server, allowing unauthorized command execution, often without administrative credentials. The flaw, designated CVE-2026-34197, resides in Apache ActiveMQ...
Anthropic has announced the culmination of its collaboration with Mozilla, in which the AI model Claude Opus 4.6 was instrumental in uncovering 22 new vulnerabilities in the Firefox browser. This narrative is profoundly...
In the Node.js ecosystem, a vulnerability has been found in the core logic of the HTTP client that allows threat actors to bypass existing defenses against request splitting. Martino Spagnolo, operating under the moniker...
DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering. It leverages IDA Pro and the IDA Domain API to extract pseudocode of functions and perform structured diffing between patched...
PolarDNS is a specialized authoritative DNS server written in Python 3.x, originally developed as a tool for security testing of DNS recursive resolvers from the server-side. It allows the operator to produce custom DNS...
Over the past two decades, China’s vulnerability research industry has evolved from a disorganized network of enthusiasts into a highly structured ecosystem deeply intertwined with state interests. In the early 2000s, it was a...
The vulnerability rewards platform HackerOne has announced that over the past twelve months, white-hat hackers around the world have earned a total of $81 million in payouts — a 13% increase compared to the...
The book From Day Zero to Zero Day, published by No Starch Press, has been released, offering a comprehensive introduction to the fundamentals of vulnerability research. The author presented it at DEF CON 33...
The legendary hacker journal Phrack has turned forty, marking the occasion with its anniversary 72nd issue, published on August 19, 2025. Founded in the mid-1980s, this iconic publication is regarded as one of the...
The United Kingdom’s National Cyber Security Centre (NCSC) has unveiled a new program titled the Vulnerability Research Initiative (VRI), aimed at deepening collaboration with independent experts in vulnerability discovery. This initiative seeks to bolster...
jxscout is a tool designed to help security researchers analyze and find vulnerabilities in JavaScript code. It works with your favorite proxy (Burp or Caido), capturing requests and saving optimized versions locally for easy analysis...