I’ve been digging into HTTP Trailers and found some new smuggling techniques: https://t.co/gpaIiYkSHs

See you in Japan!

Hello! We’ve just launched a new wargame site called damn vulnerable web! It consists only of web challenges, primarily designed for intermediate to advanced players rather than beginners. We hope this wargame helps more people gain deeper and broader knowledge in web hacking

TR.MRG HTTP Request Smuggling? author writeup for Trailing Danger - m0lecon 2026 teaser CTF 👉 https://t.co/1VdPNURFMH I'll share more about trailer fields parsing vulnerabilities soon.

The watchTowr Labs team is back, providing our full analysis of the Oracle E-Business Suite Pre-Auth RCE exploit chain (CVE-2025-61882). Enjoy with us (or cry, your choice..) https://t.co/ffDKb723N6

I found that python hyper-h2 didn't correctly validate headers allowing http2 request splitting via crlf injection on http1 downgrades. So any proxy that uses it (like mitmproxy) might be vulnerable.

CVE-2025-8671: HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

Interesting one :)

I have just updated my site, here's the writeup of cve-2024-48962 I found in Apache Ofbiz. https://t.co/dxW9qaMFgi

Here's my research about Python dirty Arbitrary File Write to RCE via overwriting shared object files or overwriting bytecode files. Enjoy! https://t.co/P3V2y0yGH9 #Research #WebAppSec

The recording is uploaded)

🩸 First blood went to @s3bsrt in under 15 mins 👏

🤯 https://t.co/rkUQpPDqc5

📚 You can find all of the community writeups on our gitbook, including @frevadiscor89, @b0ffm4n, @s3bsrt, @system_LFE and @kabilan1290 💜 https://t.co/cFYpjauxiH

Our third winner is @s3bsrt! 🎊 Straight to the point but all the key elements are in there. Good one if you are in a hurry 👀 Read it here 👇 https://t.co/bjD34kCs8x