Exploiting Logic Flaws: Advanced Exploitation Guide
It’s no secret that complexity is the biggest rival of safe applications. As web apps become more sophisticated, they create countless opportunities for logic flaws…
The attack landscape has been dynamic following the disclosure of the React Server Components RCE vulnerability. New information has emerged regarding the initial Proof-of-Concept exploit,…
As the year draws to a close, it’s worth pausing to look back on what has been an extraordinary year for Wallarm and, more importantly,…
This is another brilliantly written and highly misguided essay by Cory Doctorow. It demonstrates a complete lack of understanding of what AI actually is and…
I don’t mean the human labor that we do for ourselves, like washing our own dishes or cooking our own food. That’s all as natural…
I’m not the type who brags, but I have to brag about this. I guess it’s not really bragging. It’s more like validation. Anyway. I’m…
This blog explores the widespread and critical state of the React2Shell vulnerability. It provides a technical overview, suggested mitigations, and actions to safeguard people, processes,…
Tom Ryder | 05 December 2025 at 13:53 UTC | Detecting React2Shell with Burp Suite | React2Shell vulnerabilities in Next.js applications are now scannable across Burp Suite,…
A Critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-55182, has been discovered in Next.js applications utilizing React Server Components (RSC) and Server Actions. This…
On December 3, 2025, React maintainers disclosed a critical unauthenticated remote code execution (RCE) vulnerability in React Server Components (RSC), tracked as CVE-2025-55182. A working…
The API supply chain is the new security blind spot. Attackers no longer need to breach your APIs directly; they can target the third-party services…
Dr. Jonathan Slotkin, a neurosurgeon and co-founder of Scrub Capital, published an excellent piece in the NYT today about autonomous car safety. [DANIEL: Opening commentary…