Posts by Blaklis

GMSGadget

@mizu.re just launched a service to list XSS gadgets that bypass CSP or sanitizers. A good thing to keep in the arsenal - and a good thing to contribute to, if you have something to add!

gmsgadget.com

8 months ago 3 2 0 0

Very cool project!

8 months ago 8 0 0 0
Challenges_2025_Public/web/legendary at main · DownUnderCTF/Challenges_2025_Public Files + Solutions for DownUnderCTF 2025 Challenges - DownUnderCTF/Challenges_2025_Public

DUCTF released a challenge that was really fun, from hash_kitten - @assetnote.io !

Happy to be part of the only team that solved it. It was a challenge full of nice tricks - check it out!

github.com/DownUnderCTF...

Read @assetnote.io's partial writeup on it: slcyber.io/assetnote-se...

9 months ago 3 1 0 0
Adobe patches critical Magento admin takeover via menu injection A new attack on Adobe Commerce may break the menu bar for admin users. If your menu bar is missing, someone is stealing your session via CVE-2025-47110.

Sansec published a small article regarding a serious cache poisoning issue I recently found in Adobe Commerce: sansec.io/research/mag...

It is quite a good idea to patch your instances if it's not done - there's even an isolated patch for it!

helpx.adobe.com/security/pro...

9 months ago 3 0 0 0