Threat intel
News from the field.
Vulnerability write-ups, advisories, and research from the chaosbyte crew — what we're finding, exploiting, and fixing right now.
Next.js middleware bypass: one header to skip your auth
A crafted x-middleware-subrequest header lets attackers skip middleware entirely. If your auth lives there, patch now — we walk through detection, exploitation, and the fix.
by Zach Winchester · 6 minGitHub Actions supply chain: pinning tags is not enough
Mutable action tags keep getting retargeted to malicious commits. How we caught one in a client pipeline, and the SHA-pinning policy we now deploy by default.
by @cbrhex · 4 minWhat 500 automated pentests taught us about JWT handling
alg:none is dead, but weak secrets and unverified issuers are everywhere. The five JWT mistakes our AI finds most, ranked by real-world exploitability.
by Bogdan Chayka · 9 minSSRF via PDF renderers: your invoice generator is an internal proxy
Headless browsers rendering user HTML into PDFs will happily fetch cloud metadata endpoints. Two clients, same bug, one week. Here is the checklist.
by Zach Winchester · 5 minExposed .git directories are back — blame misconfigured CDNs
A CDN migration pattern we keep seeing re-exposes .git on production origins. One curl command tells you if you are affected; one config line fixes it.
by @cbrhex · 3 minPrompt injection is the new SQLi: attacking LLM features in prod
Support bots with tool access are the softest target we test. How our AI chains prompt injection into data exfiltration, and what actually mitigates it.
by Bogdan Chayka · 7 min