HTTP/3 downgrade desync via a QUIC FIN! This is a really nice finding. There used to be a significant cognitive & fiddly-coding barrier to testing lower-level HTTP/2 & 3 techniques but AI has largely eliminated it. As ever, the fix is... upstream HTTP/1 must …
Back in 2021, "Certified Pre-Owned" by @tifkin_ & @harmj0y aimed to fix this class of issues. But these misconfigs still everywhere? The reason isn’t just technical; it’s abt guidance, incentives, & responsibility. Read up before Martin's talk! https://ghst.…
Posted by Alan Coopersmith on Apr 18 https://blog.calif.io/p/we-asked-claude-to-audit-sagredos and https://github.com/califio/publications/tree/main/MADBugs/qmail https:…
Posted by cyber security on Apr 18 After deep analysis we confirm that CVE-2026-33691 aka it alias https://unlockoldupload.hashnode.dev/disable-modsecurity-waf-using-cv…
Posted by Solar Designer on Apr 18 Hi, This gives a 404 Page Not Found, but more importantly actual content should have been d…