Engineering notes from the trenches.
Reverse-engineering APIs, automation that survives production, security research, and honest takes on the tools I ship with.
A default empty API client token in phpMyFAQ lets any unauthenticated user create and modify FAQ entries, categories, and questions via the REST API. Here's what happened, why it matters, and how to fix it.
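The defect in that summary is a comparison-based auth check whose configured secret defaults to an empty string, so an unauthenticated caller who sends no token (or an empty one) matches it. Below is an added example, not phpMyFAQ's own code, showing that naive check beside a hardened one that refuses to authenticate at all when no usable token has been configured. The token-length threshold and the config layout are assumptions for illustration.

```python
import hmac
import secrets
from typing import Optional

# Assumed minimum length for a configured API client token (illustrative, not a project setting).
MIN_TOKEN_LEN = 16


def check_token_naive(configured: Optional[str], presented: Optional[str]) -> bool:
    """The weak pattern: plain equality against whatever is configured.

    If the configured token defaults to "" (or None), an attacker who sends
    no token at all produces "" == "" and is accepted.
    """
    return (configured or "") == (presented or "")


def check_token_hardened(configured: Optional[str], presented: Optional[str]) -> bool:
    """Fail closed: no configured secret means the API is disabled, not open."""
    if not configured or len(configured) < MIN_TOKEN_LEN:
        # Unset, empty, or implausibly short secret: refuse every request.
        return False
    if not presented:
        return False
    # Constant-time comparison so a timing side channel does not leak the token.
    return hmac.compare_digest(configured.encode("utf-8"), presented.encode("utf-8"))


def generate_api_token(nbytes: int = 32) -> str:
    """Produce a token suitable for the configured side of the check."""
    return secrets.token_urlsafe(nbytes)


def api_write_allowed(config: dict, presented: Optional[str]) -> bool:
    """Gate for write endpoints (create/modify entries, categories, questions).

    `config` is a constructed stand-in for the application's settings; the
    key name 'api_client_token' is an assumption for this example.
    """
    return check_token_hardened(config.get("api_client_token"), presented)


if __name__ == "__main__":
    # Constructed configs: the insecure default and a properly provisioned one.
    default_cfg = {"api_client_token": ""}
    good_cfg = {"api_client_token": generate_api_token()}

    print("naive, empty default, no token sent:", check_token_naive("", None))
    print("hardened, empty default, no token sent:", api_write_allowed(default_cfg, None))
    print("hardened, real token sent:", api_write_allowed(good_cfg, good_cfg["api_client_token"]))
```

The point of `api_write_allowed` is that "no token configured" and "wrong token" must land on the same branch; an empty default should disable the write API until an operator sets a real secret.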
A critical RCE vulnerability in PenPot's MCP module exposed instances to trivial code execution because the service bound to all interfaces and served an unauthenticated /execute endpoint. Learn what happened, why it matters, and how to secure your systems.