PentesterLab: Penetration Testing & Web App Security Blog

Research

Research Worth Reading - Week 24, 2026

🪲 Jupyter Enterprise Gateway • 🤖 Measuring LLMs’ impact on N-day exploits • 🎆 Bypassing a 3 layer SVG sanitizer: Stored XSS in Mozilla

June 15, 2026

Weekly Research

Research Worth Reading - Week 23, 2026

Let’s talk about encrypted reasoning • Golang code review notes II • 🤖 The sorry state of skill distribution

PentesterLab Jun 8, 2026

CVE in Your CVE: When the Patch Doesn't Fix the Vulnerability

A big part of what I do for PentesterLab is reading CVEs. I spend a lot of time going through them: ...

Louis Nyffenegger Jun 3, 2026 · 8 min read

Weekly Research

Research Worth Reading - Week 21, 2026

⚒️ evilsocket / audit • 🤖 Autonomous fuzzing process under LLM supervision • 💰 StubZero: $148,337 RCE in Google Cloud Production

PentesterLab May 27, 2026

Weekly Research

Research Worth Reading - Week 20, 2026

🐚 The React2Shell Story and What Happened Next.js • 🏛️ Mythos finds a curl vulnerability • 🤖 Claude Code RCE: Exploiting Deeplink Handlers via Settings Injection

PentesterLab May 27, 2026

Weekly Research

Research Worth Reading - Week 18, 2026

🤖 AI threats in the wild: The current state of prompt injections on the web • 🪟 Persistence Atlas: 19 Techniques Nobody Talks About • 😳 Securing GitHub: Wiz Research uncovers RCE in GitHub.com

PentesterLab May 4, 2026

Weekly Research

Research Worth Reading - Week 17, 2026

📆 The zero-days are numbered • High-Quality Chaos • 🪡 Needle in the haystack: LLMs for vulnerability research

PentesterLab May 1, 2026

Vibe Before You Buy!

Back when I worked in appsec, I wrote the same tool twice for two different companies. Both times it was a ...

Louis Nyffenegger May 1, 2026 · 7 min read

Weekly Research

Research Worth Reading - Week 16, 2026

🤖 Lessons Learned From RITSEC CTF • 😼 Fail Open, Game Over: Turning a One-Line Tomcat Fix into Unauthenticated RCE • 🤖 I Let Claude Opus Write a Chrome Exploit

PentesterLab Apr 27, 2026

Weekly Research

Research Worth Reading - Week 15, 2026

👾 GDDRHammer and GeForge: GPU Rowhammer Now Achieves Full System Compromise • 🤖 Assessing Claude Mythos Preview’s cybersecurity capabilities

PentesterLab Apr 15, 2026

Weekly Research

Research Worth Reading - Week 14, 2026

✨ ImageMagick: From Arbitrary File Read to File Write In Every Policy • 🧑🏻‍💻 Leveling Up Secure Code Reviews with Claude Code • 🤖 Vulnerability Research Is Cooked

PentesterLab Apr 13, 2026

Defenders Finally Have the Edge

Everyone is panicking about AI-generated zero days. They should be paying attention to the other side of the equation. Anthropic recently ...

Louis Nyffenegger Mar 31, 2026 · 8 min read

Weekly Research

Research Worth Reading - Week 13, 2026

☁️ Remote Command Execution in Google Cloud with Single Directory Deletion

PentesterLab Mar 29, 2026