Series

AI Security

Data goes in. Exploits come out.

Deleting any file on a Coolify managed server with a single `..`
I. Introduction Coolify is an open-source, self-hostable PaaS that lets you deploy apps, databases, and pre-baked services on your own servers — the "Vercel/Heroku/Netlify replacement, but you own the
Jun 16, 202610 min read20
Bypassing Kestra's path-traversal guard with a single backslash
I. Introduction Kestra is an open-source event-driven workflow orchestration platform written in Java on top of Micronaut. It lets teams declare "flows" — task graphs that move data, call APIs, run sc
Jun 16, 202614 min read58
[CVE-2026-48731] AI-Assisted Discovery of Command Injection in Warp Terminal
Disclosure status: Reported to vendor and coordinated through a private fix path. I. Introduction Warp is an agentic development environment, born out of the terminal. Use Warp's built-in coding agent
Jun 8, 20267 min read140
AI-Powered Bug Hunting in Closed-Source Software:
Author: Anhlt91, Thuanhn Date: May 2026Tags: AI Claude Bug Hunting Closed-Source Security Research Overview I used Claude AI to find real security vulnerabilities in a closed-source enterprise produc
Jun 1, 202636 min read298
Anatomy of a GHSA Collaboration: Fixing Filament's MFA Race Together
I. Introduction Filament is an open-source full-stack UI framework for Laravel built on top of Livewire. It lets developers compose admin panels, forms, tables, infolists, actions, and notifications a
May 29, 202611 min read88
How I Use Claude Code to Fix Security Vulnerabilities
About this article This article documents how I use Claude Code in my CVE research workflow — specifically, how I handle the moment Claude gives me a fix recommendation for a vulnerability I've found
May 29, 202611 min read85

Command Palette