Back in June my team and I found a vulnerability in the way multiple languages parse cookies which could allow a potential attacker to bypass cookie prefixes. (CVE-2020-8184, CVE-2020-7070, CVE-2020-1045)
Continue readingBack in August I found a vulnerability in Slack which allowed me to keylog slack input via custom themes.
Continue reading