- 2026-06-23 Why prompt injection works: a Transformer-level view
- 2026-06-04 Anatomy of Prompt Injection
- 2026-05-17 Build your own agentic framework β the no-magic version
- 2026-05-08 Your AI coding assistant is quietly shipping your secrets [1, 2]
- 2024-10-24 Reliable automatic code fixes with AI
- 2022-05-24 Snyk finds 200+ malicious npm packages, including Cobalt Strike dependency confusion attacks
- 2022-04-04 Exploring 3 types of directory traversal vulnerabilities in C/C++
- 2022-01-10 Exploiting URL parser confusion
- 2021-06-02 Mitigating and remediating intent-based Android security vulnerabilities
- 2021-05-27 Hunting intent-based Android security vulnerabilities with Snyk Code
- 2021-05-18 Exploring intent-based Android security vulnerabilities on Google Play
- 2021-05-06 Deep dive into Visual Studio Code extension security vulnerabilities
- 2020-10-15 SourMint Malicious SDK Research write up
- 2020-03-26 Exploring the minimist prototype pollution security vulnerability
- 2016-12-07 Remote (dev)tools ΡΠ²ΠΎΠΈΠΌΠΈ ΡΡΠΊΠ°ΠΌΠΈ β ΠΈΠ½ΡΠ΅ΡΠ²ΡΡ Ρ Π ΠΎΠΌΠ°Π½ΠΎΠΌ ΠΠ²ΠΎΡΠ½ΠΎΠ²ΡΠΌ (ΠΠ²ΠΈΡΠΎ)
- 2016-10-21 ΠΡΠΎΠ±ΠΈΠΌ ΠΌΠΎΠ½ΠΎΠ»ΠΈΡ: Π Π΅ΡΠ°ΠΊΡΠΎΡΠΈΠ½Π³ Π°ΡΡ ΠΈΡΠ΅ΠΊΡΡΡΡ Web-ΠΏΡΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΠΉ
- 2016-08-16 ΠΠ°ΠΏΡΡΠΊΠ°Π΅ΠΌ Node.js Π½Π° JVM
- 2012-02-06 MSP430, ΡΡΠΈΠΌΡΡ ΠΏΡΠΎΠ³ΡΠ°ΠΌΠΌΠΈΡΠΎΠ²Π°ΡΡ ΠΈ ΠΎΡΠ»Π°ΠΆΠΈΠ²Π°ΡΡ ΠΆΠ΅Π»Π΅Π·ΠΎ (ΡΠ°ΡΡΡ 3)
- 2012-02-01 MSP430, ΡΡΠΈΠΌΡΡ ΠΏΡΠΎΠ³ΡΠ°ΠΌΠΌΠΈΡΠΎΠ²Π°ΡΡ ΠΈ ΠΎΡΠ»Π°ΠΆΠΈΠ²Π°ΡΡ ΠΆΠ΅Π»Π΅Π·ΠΎ (ΡΠ°ΡΡΡ 2)
- 2012-01-09 MSP430, ΡΡΠΈΠΌΡΡ ΠΏΡΠΎΠ³ΡΠ°ΠΌΠΌΠΈΡΠΎΠ²Π°ΡΡ ΠΈ ΠΎΡΠ»Π°ΠΆΠΈΠ²Π°ΡΡ ΠΆΠ΅Π»Π΅Π·ΠΎ
- 2011-06-20 Amazon Route 53 ΠΈ Π±Π΅ΡΠΏΠ΅ΡΠ΅Π±ΠΎΠΉΠ½Π°Ρ ΡΠ°Π±ΠΎΡΠ° ΡΠ°ΠΉΡΠ°
- 2025-05-30 OWASP 2025 Global AppSec EU: LLMs vs. SAST: How AI Delivers Accurate Vulnerability Detection and Reduces False Positives
- 2024-09-14 BSides KrakΓ³w: Donβt Make This Mistake: Painful Learnings of Applying AI in Security
- 2024-08-06 BSides Las Vegas: Donβt Make This Mistake: Painful Learnings of Applying AI in Security
- 2021-12-15 Log4Shell: What You Need to Know About the Log4j Vulnerability
- 2021-11-23 WeAreDevelopers JavaScript Congress 2021: Vulnerable VS Code extensions are now at your front door
- 2021-11-16 INTENT Summit: 1-click to infiltrate your org via vulnerable VS Code extensions
- 2021-11-03 Ekoparty 2021: 1-click to infiltrate your organization via vulnerable VS Code extensions
- 2021-06-02 I can use VS Code to hack into your development environment
- 2020-10-15 Security BSides Dublin: The Case Of Malicious Advertisement SDK Affecting Thousands Of Mobile Apps
- 2015-10-10 Π£ΡΠΈΠΌ linux Π²ΠΌΠ΅ΡΡΠ΅: ΠΠ°ΡΡΡΠΎΠΉΠΊΠ° ΠΎΠΊΡΡΠΆΠ΅Π½ΠΈΡ Π΄Π»Ρ Π½Π°ΠΏΠΈΡΠ°Π½ΠΈΡ ΠΌΠΎΠ΄ΡΠ»Π΅ΠΉ
- 2015-10-10 Π£ΡΠΈΠΌ linux Π²ΠΌΠ΅ΡΡΠ΅: ΠΠ·Π°ΠΈΠΌΠΎΠ΄Π΅ΠΉΡΡΠ²ΠΈΠ΅ Ρ proc fs
- 2015-09-19 Π£ΡΠΈΠΌ linux Π²ΠΌΠ΅ΡΡΠ΅: ΠΠ°ΠΊ ΠΏΡΠΎΠΈΡΡ ΠΎΠ΄ΠΈΡ Π·Π°Π³ΡΡΠ·ΠΊΠ° ΠΠ‘
- Open Redirect in Gophish
- Path Traversal in Pistache
CVE-2022-26068,C/C++ - Path Traversal in Webcc
CVE-2022-25298,C/C++ - Arbitrary File Write in Drogon
CVE-2022-25297,C/C++ - Arbitrary File Write in Mongoose
CVE-2022-25299,C/C++ - Content Injection in Crow
CVE-2021-23824,C/C++ - Path Traversal in Crow
CVE-2021-23514,C/C++ - Arbitrary File Write in Iris Web Framework
CVE-2021-23772,Go - Open Redirect in Clearance
CVE-2021-23435,Ruby - DOM-based XSS in Video.js
CVE-2021-23414,JavaScript - Open Redirect in Gitpod
Go - Prototype Pollution in nedb
CVE-2021-23395,JavaScript - Prototype Pollution in yargs-parser
CVE-2020-7608,JavaScript - Prototype Pollution in minimist
CVE-2020-7598,JavaScript - Denial of Service in ecstatic
CVE-2019-10775,JavaScript - Command Injection in php-shellcommand
CVE-2019-10774,PHP - SQL Injection in Medoo
CVE-2019-10762,PHP - SQL Injection in Pixie Query Builder
CVE-2019-10766,PHP - Prototype Pollution in AngularJS
CVE-2019-10768,JavaScript - SQL Injection in knex.js
CVE-2019-10757,JavaScript - SQL Injection in sequelize
CVE-2019-10748,JavaScript - Prototype Pollution in lodash and lodash.merge
CVE-2019-10744,JavaScript





