InsertScript: ImageMagick – Shell injection via PDF password
“Use ImageMagick® to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG,…
Category: Mix
InsertScript: Blink – DoS of tab via SVG in img tag / CSS context
This is just a quick blogpost to document a behavior in the Blink engine in regards to the processing of SVG images in the context…
Exploiting PostMessage Vulnerabilities: Advanced Exploitation Guide
PostMessage vulnerabilities arise when developers fail to properly validate message origins or sanitize content within cross-origin communication handlers. As modern web applications increasingly rely on…
Remote Access to Every Conversation · Joseph Thacker
My neighbor texted me the other day and said she’d pre-ordered two AI toys for her kids that supposedly used an LLM to dynamically generate…
![[tl;dr sec] #311 - Slack's Security Agents, Cloud-Native Detection Engineering, Trail of Bits' Claude Skills](https://image.cybernoz.com/wp-content/uploads/2026/01/tldr-sec-311-Slacks-Security-Agents-Cloud-Native-Detection-Engineering.png){kind=small}
[tl;dr sec] #313 – MCP Security Hub, IDE-Shepherd, Plaid’s Security Pipeline as Code
Weird Al Last week, I saw something I never thought I would… We cut to the early 2000s, Clint is in high school. I loved…
Intigriti 0126 CTF Challenge: Exploiting insecure postMessage handlers
At Intigriti, we host monthly web-based Capture The Flag (CTF) challenges as a way to engage with the security researcher community. January’s challenge presented participants…
How I sped up exploit validation in Repeater using Burp AI | Blog
Hassan Ud-Deen | 22 January 2026 at 15:18 UTC Note: This is a guest post by IT security consultant Adarsh Kumar. I’ve been using Burp Suite…
Why inaccessible cybersecurity is a security risk: our path to accessibility
In cybersecurity, an inaccessible tool isn’t just a nuisance: it’s a vulnerability. With the European Accessibility Act tightening regulations across Sweden and the EU, “good…
The Last Algorithm | Daniel Miessler
I just had a strange premonition that we’re about to get ASI-like outcomes from AI in 2026, but not from a new model. It’ll be…
Intigriti Bug Bytes #232 – January 2026
Welcome to the latest edition of Bug Bytes (and the first of 2026)! In this month’s issue, we’ll be featuring: Hijacking official AWS GitHub repositories New anonymous bug…
Functional PoCs in less than a minute? Julen Garrido Estévez puts Burp AI to the test | Blog
Hassan Ud-Deen | 16 January 2026 at 00:00 UTC Note: This is a guest post by pentester Julen Garrido Estévez (@b3xal). Pentester Julen Garrido Estévez (@b3xal) wanted…
[tl;dr sec] #311 – Slack’s Security Agents, Cloud-Native Detection Engineering, Trail of Bits’ Claude Skills
Secure, Govern, and Operate AI at Engineering Scale Modern AI infrastructure outgrows traditional access and security models. Whether you’re running GPU training clusters or deploying…