insecure-deserialization
A 10/10: CVE-2025-55182 haunting React and Next.js
React2Shell seems to be the Log4Shell of the JavaScript world. We break down the unsafe deserialization in React's Flight protocol, why APT groups like Earth Lamia tried to exploit it instantly, and why your audit checklist needs to check for architectural integrity. Patch immediately!
insecure-deserialization
Python Deserialization Attacks Explained: How Hackers Exploit Pickle (and How to Defend)
Learn how Python deserialization attacks work, see a real Pickle exploit in action, and discover best practices to secure your code against remote code execution vulnerabilities.
htb
Breaking in before the VPN broke down - A Journey through Precious (HTB Writeup)
A full walkthrough of the Hack The Box machine "Precious", from enumeration to exploitation, including a clever pdfkit command injection and Ruby YAML deserialization for root. With shell stabilisation and some VPN drama on the side.