Security Vulnerability articles

1/14/2026 • EN

Claude Cowork Exfiltrates Files

Security researchers found a vulnerability in Claude Cowork allowing data exfiltration via the Anthropic API, bypassing default HTTP restrictions.

Anthropic API API Security Data Exfiltration prompt injection Security Vulnerability

Simon Willison

12/19/2025 • EN

Introducing RSC Explorer

Introduces RSC Explorer, an open-source tool for visualizing and understanding the React Server Components protocol and its streaming behavior.

Debugging Tool react server components Rsc Protocol Security Vulnerability serialization

Dan Abramov

11/6/2025 • EN

Open redirect endpoint in Datasette prior to 0.65.2 and 1.0a21

Security advisory for Datasette open redirect vulnerability fixed in versions 0.65.2 and 1.0a21, including additional features.

Datasette Github Advisory Open Redirect Python Security Vulnerability

Simon Willison

10/28/2025 • EN

Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315

Analysis of CVE-2025-55315, a critical HTTP request smuggling vulnerability in ASP.NET Core with a CVSS 9.9 score, its impact, and mitigation.

Aspnet Core Cve 2025 55315 HTTP Request Smuggling Security Vulnerability web security

Andrew Lock

1/26/2025 • EN

Responsible disclosure: retrieving a user's private Facebook friends.

A security researcher details a privacy flaw allowing retrieval of private Facebook friends via Instagram's signup process, and the responsible disclosure timeline.

Data Privacy Facebook API Instagram API Responsible Disclosure Security Vulnerability

Riccardo Padovani

1/26/2025 • EN

Responsible disclosure: improper access control in Gitlab private project.

A security researcher details a GitLab access control vulnerability, its disclosure timeline, and the communication issues with GitLab's security team.

Access Control Gitlab Private Projects Responsible Disclosure Security Vulnerability

Riccardo Padovani

12/6/2018 • EN

Critical Vulnerability in Kubernetes API Server (CVE-2018-1002105)

Analysis of CVE-2018-1002105, a critical Kubernetes API server vulnerability allowing privilege escalation and arbitrary backend requests.

api server authentication Cve 2018 1002105 Kubernetes Security Vulnerability

Marco Lancini

Security Vulnerability Articles