Long-form writeups of recent CVEs, methodology for finding the same class of bugs in the wild, and the occasional rant about why the industry keeps shipping the same mistake in a new framework. Read at your own risk — you may end up filing reports.
I'm zvenden10 — a security researcher who spends most days reading source code that someone else thought was finished, and the rest writing reports about why it wasn't.
This blog is where I publish what I learn: deep dives on CVEs that caught my attention, methodology notes from bug bounty work, and the occasional rant about an industry that keeps shipping the same mistake in a new framework.
No newsletter, no course, no affiliate links. Read carefully, then go test something on a program that has explicit permission. Get in touch if you want to compare notes.