RSS.Social

Sicuranext Blog

Posts

Vtenext 25.02: A three-way path to RCE

Influencing LLM Output using logprobs and Token Distribution

Breaking Down Multipart Parsers: File upload validation bypass

Hunt3r Kill3rs and the Italian Critical Infrastructure risks

Medical Devices Exposed

Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule

ModSecurity: Path Confusion and really easy bypass on v2 and v3

Emails and barcodes: a phishing story

OT Exposed Italy

How attackers fingerprint your WordPress website

AWS WAF Bypass: invalid JSON object and unicode escape sequences

Unleashing the Power of Data: Indexing Over 15 Million WordPress Websites with PWNPress

PWNPress: collect vulnerable WordPress websites over internet

Building Octofence WAAP Cache System & CDN: Lessons Learned and Best Practices

Why text/plain is evil for Web Application Firewall and Input validation