How to detect React2Shell with Burp Suite | Blog
Tom Ryder | 05 December 2025 at 13:53 UTC Detecting React2Shell with Burp Suite React2Shell vulnerabilities in Next.js applications are now scannable across Burp Suite,…
A Critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-55182, has been discovered in Next.js applications utilizing React Server Components (RSC) and Server Actions. This…
On December 3, 2025, React maintainers disclosed a critical unauthenticated remote code execution (RCE) vulnerability in React Server Components (RSC), tracked as CVE-2025-55182. A working…
The API supply chain is the new security blind spot. Attackers no longer need to breach your APIs directly; they can target the third-party services…
Dr. Jonathan Slotkin, a neurosurgeon and co-founder of Scrub Capital, published an excellent piece in the NYT today about autonomous car safety. [DANIEL: Opening commentary…
I was recently going insane trying to figure out why everything on my Mac was DeathGod slow. Apps were taking forever to open Finder was…
At Intigriti, we believe AI is a powerful ally to, not a replacement of, our community of security researchers. We will use AI to empower…
Hassan Ud-Deen | 01 December 2025 at 09:00 UTC Every December, TryHackMe’s Advent of Cyber brings the security community together around a simple idea: learn…
Content Security Policies (CSPs) are often deployed as the last line of defense against client-side attacks such as cross-site scripting (XSS) and clickjacking. Since their…
If you think about it, human (big-L) Labor is something of an unnatural side-effect. I don’t mean the human labor that we do for ourselves,…
Applications have long evolved from monolithic structures to complex, cloud-native architectures. This means that the tried-and-true methods we rely on are becoming dangerously outdated. For…
Earlier this month, Microsoft uncovered SesameOp, a new backdoor malware that abuses the OpenAI Assistants API as a covert command-and-control (C2) channel. The discovery has…