Engineering notes from the trenches.
Reverse-engineering APIs, automation that survives production, security research, and honest takes on the tools I ship with.
2 posts
A critical vulnerability in nebula-mesh exposes freshly-minted operator API keys via redirect URL query parameters, leaking them to browser history, Referer headers, and proxy logs. Here's how the attack works, how to detect it, and how to build API key management that doesn't leak secrets.
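The detection side of the leak described above, as an added example that is not code from the post or from the nebula-mesh project: it scans access-log lines for secret-looking values in the query string of both the request target and the Referer, and offers a guard a handler can run on a redirect Location before sending it. The log lines are constructed, and the parameter name `api_key` and the key format are assumptions for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample proxy log lines (not real nebula-mesh traffic). The
# "api_key" parameter name and "nm_live_..." key shape are assumed for the example.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:12:00:00 +0000] "GET /operators/new?api_key=nm_live_9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c HTTP/1.1" 302 0 "-"
10.0.0.7 - - [01/Jan/2025:12:00:01 +0000] "GET /dashboard?tab=keys HTTP/1.1" 200 5120 "https://app.example/operators/new?api_key=nm_live_9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c"
10.0.0.9 - - [01/Jan/2025:12:00:02 +0000] "POST /login HTTP/1.1" 200 312 "-"
"""

# Parameter names that should never carry a value in a URL, plus a shape check
# for values that look like opaque high-entropy tokens (24+ base64url chars).
SECRET_PARAM_NAMES = {"api_key", "apikey", "token", "access_token", "key", "secret"}
SECRET_VALUE_RE = re.compile(r"^[A-Za-z0-9_\-]{24,}$")

# Combined-log-format request line: method, target, status, size, referer.
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" \d{3} \d+ "(?P<referer>[^"]*)"'
)


def leaked_params(url: str) -> list[tuple[str, str]]:
    """Return (name, value) query parameters that look like secrets."""
    query = urlsplit(url).query
    return [
        (name, value)
        for name, value in parse_qsl(query, keep_blank_values=True)
        if name.lower() in SECRET_PARAM_NAMES or SECRET_VALUE_RE.match(value)
    ]


def scan_log(text: str) -> list[dict]:
    """Flag secrets in request targets and Referer headers of access-log lines."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        for where, url in (("request", m["target"]), ("referer", m["referer"])):
            if url == "-":
                continue
            for name, value in leaked_params(url):
                findings.append({"line": lineno, "where": where, "param": name, "value": value})
    return findings


def location_is_safe(location: str) -> bool:
    """Guard for a redirect handler: refuse a Location that carries a secret."""
    return not leaked_params(location)


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: secret in {f['where']} param {f['param']!r}")
    print("safe:", location_is_safe("/operators/new?created=1"))
```

The second finding is the one that matters operationally: the key shows up on a later request's Referer, which is exactly the path by which it reaches third-party servers and proxy logs. A redirect should carry only a non-secret reference (a creation flag or an opaque id resolved server-side), and the key itself should be shown once in a response body.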
A critical vulnerability in phpMyFAQ allows unauthenticated password resets by supplying only a username and email address, leading to full account takeover because no reset token is validated.
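To make the failure mode concrete, here is an added example (not phpMyFAQ's code, and not from the post) that puts a reset handler with the described flaw next to a token-based one. The flawed version changes the password as soon as username and email match; the fixed version issues a random single-use token, stores only its hash, and redeems it with an expiry check and a constant-time comparison. The user table and the injectable clock are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time


def reset_password_vulnerable(users: dict, username: str, email: str, new_password: str) -> bool:
    """The flaw: username + email is treated as proof of ownership. Anyone who
    knows both (often public) values can set a new password."""
    user = users.get(username)
    if user is None or user["email"] != email:
        return False
    user["password"] = new_password
    return True


class ResetTokens:
    """Single-use, expiring reset tokens. In-memory store for illustration;
    a real deployment would persist the hashes and rate-limit issuance."""

    TTL_SECONDS = 15 * 60

    def __init__(self, now=time.time):
        self._now = now                   # injectable clock for testing
        self._pending: dict[str, tuple[str, float]] = {}  # username -> (sha256(token), expires_at)

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, username: str) -> str:
        """Create a token for the user; the caller delivers it only to the
        registered email address and never echoes it in a response."""
        token = secrets.token_urlsafe(32)
        self._pending[username] = (self._digest(token), self._now() + self.TTL_SECONDS)
        return token

    def redeem(self, username: str, token: str) -> bool:
        """True exactly once for a valid, unexpired token; False otherwise."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        stored_digest, expires_at = entry
        if self._now() > expires_at:
            self._pending.pop(username, None)
            return False
        if not hmac.compare_digest(stored_digest, self._digest(token)):
            return False
        self._pending.pop(username, None)   # consume: a token works once
        return True


def reset_password_fixed(users: dict, tokens: ResetTokens, username: str,
                         token: str, new_password: str) -> bool:
    """Proof of ownership is possession of the emailed token, not of the email string."""
    if username not in users or not tokens.redeem(username, token):
        return False
    users[username]["password"] = new_password
    return True


if __name__ == "__main__":
    users = {"alice": {"email": "alice@example.com", "password": "old"}}
    print("vulnerable:", reset_password_vulnerable(users, "alice", "alice@example.com", "pwned"))
    tokens = ResetTokens()
    tok = tokens.issue("alice")
    print("fixed, wrong token:", reset_password_fixed(users, tokens, "alice", "guess", "x"))
    print("fixed, real token:", reset_password_fixed(users, tokens, "alice", tok, "x"))
```

Note that the fixed handler returns the same `False` for an unknown user and a bad token, so the reset endpoint does not double as a username oracle.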