Vulnerability Reports
【Grammarly】Bypassing the Grammarly plagiarism checker by simply replacing characters in the source text
https://hackerone.com/reports/1282282
【U.S. Dept Of Defense】Subdomain takeover on a site
https://hackerone.com/reports/1329792
【U.S. Dept Of Defense】Reflected XSS at an unspecified location
https://hackerone.com/reports/1305472
Bug Hunting Techniques
Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD
https://blog.sonarsource.com/gocd-pre-auth-pipeline-takeover
Fake npm Roblox API Package Installs Ransomware and has a Spooky Surprise
https://blog.sonatype.com/fake-npm-roblox-api-package-installs-ransomware-spooky-surprise