How I managed to hack User accounts of a billion-dollar sport platform

Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens

Vulnerabilities in Open Source C2 Frameworks

[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

Attacking PowerShell CLIXML Deserialization

Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS