← Blog contact
  • March 13
     Github Actions and the threat of malicious pull requests

  • July 15
     Shaking secrets out of CircleCI builds - insecure configuration and the threat of malicious pull requests

  • February 25
     Cache poisoning DoS in CloudFoundry gorouter (CVE-2020-5401)

  • January 27
     Exploiting email address parsing with AWS SES

  • October 31
     Abusing HTTP hop-by-hop request headers

  • September 19
     HAProxy HTTP request smuggling (CVE-2019-18277)

  • March 09
     CORS'ing a Denial of Service via cache poisoning

© Copyright 2023