Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
Ollama Remote Code Execution: Securing the Code That Runs LLMs
https://www.sonarsource.com/blog/ollama-remote-code-execution-securing-the-code-that-runs-llms/
A Deep And Very Technical Analysis of CVE-2025-55182 (React2Shell)
https://i0.rs/blog/a-deep-and-very-technical-analysis-of-cve-2025-55182-react2-shell/
The Fragile Lock: Novel Bypasses For SAML Authentication
https://portswigger.net/research/the-fragile-lock
Catching malicious package releases using a transparency log
https://blog.trailofbits.com/2025/12/12/catching-malicious-package-releases-using-a-transparency-log/
DAST without disruption: Burp Suite DAST winter update 2025
https://portswigger.net/blog/burp-suite-dast-winter-update-2025
Introducing mrva, a terminal-first approach to CodeQL multi-repo variant analysis
https://blog.trailofbits.com/2025/12/11/introducing-mrva-a-terminal-first-approach-to-codeql-multi-repo-variant-analysis/
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
https://thehackernews.com/2025/12/net-soapwn-flaw-opens-door-for-file.html?m=1
HTTPS certificate industry phasing out less secure domain validation methods
http://security.googleblog.com/2025/12/https-certificate-industry-phasing-out.html
New Prompt Injection Attack Vectors Through MCP Sampling
https://unit42.paloaltonetworks.com/model-context-protocol-attack-vectors/
CVE-2025-55182 and CVE-2025-66478 ("React2Shell") - All you need to know
https://jfrog.com/blog/2025-55182-and-2025-66478-react2shell-all-you-need-to-know/
SonarQube Compare Community vs Developer vs Enterprise vs Data Center
https://www.sonarsource.com/blog/sonarqube-compare-editions/
Intigriti insights: React2Shell CVE-2025-55182
https://www.intigriti.com/blog/business-insights/intigriti-insights-react2shell-cve-2025-55182
Introducing audit logs in SonarQube Cloud: Enhancing compliance and security
https://www.sonarsource.com/blog/introducing-audit-logs-in-sonarqube-cloud-enhancing-compliance-and-security/
Release v3.6.0 · projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei/releases/tag/v3.6.0
Use GWP-ASan to detect exploits in production environments
https://blog.trailofbits.com/2025/12/16/use-gwp-asan-to-detect-exploits-in-production-environments/
Release v3.6.1 · projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei/releases/tag/v3.6.1
Vibe, then verify: How to navigate the risks of AI-generated code
https://www.sonarsource.com/blog/how-to-navigate-the-risks-of-ai-generated-code/
Burp On Tour 2025: bringing the AppSec community together around the world
https://portswigger.net/blog/burp-on-tour-2025-bringing-the-appsec-community-together-around-the-world
Beyond cybersecurity awareness: Make a strategic shift to code security
https://www.sonarsource.com/blog/make-a-strategic-shift-to-code-security/
CVE-2025-55182: New Detection Profiles for Burp Bounty Pro
https://bountysecurity.ai/blogs/news/cve-2025-55182-react2shell-new-detection-profiles-for-burp-bounty-pro
SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL
https://labs.watchtowr.com/soapwn-pwning-net-framework-applications-through-http-client-proxies-and-wsdl/
Privilege Escalation Vulnerability in Soledad Theme Affecting 50k+ Sites - Patchstack
https://patchstack.com/articles/privilege-escalation-vulnerability-in-soledad-theme-affecting-50k-sites/
Architecting Security for Agentic Capabilities in Chrome
http://security.googleblog.com/2025/12/architecting-security-for-agentic.html
Announcing Tracebit Community Edition | Tracebit
https://tracebit.com/blog/announcing-tracebit-community-edition
PyTorch tensors, neural networks and Autograd: an introduction
https://www.sonarsource.com/blog/pytorch-tensors-neural-networks-and-autograd/
How to detect React2Shell with Burp Suite
https://portswigger.net/blog/how-to-detect-react2shell-with-burp-suite
When AI Turns on Its Team: Exploiting Agent-to-Agent Discovery via Prompt Injection
https://appomni.com/ao-labs/ai-agent-to-agent-discovery-prompt-injection/
Arista Firewall XSS to RCE Chain
https://bishopfox.com/blog/arista-nextgen-firewall-xss-to-rce-chain
Prompt Injection Inside GitHub Actions: The New Frontier of Supply Chain Attacks
https://www.aikido.dev/blog/promptpwnd-github-actions-ai-agents