All authors

Amirmohammad Safari

Security Researcher

Part-time bug hunter, full-time thinker of thoughts nobody asked for.

Twitter
— Posts 07 / 07
  1. 2026 · 05 · 19

    Two cPanel Zero Day Vulnerabilities
  2. 2026 · 05 · 08

    We Need to Talk About CSRF Again
  3. 2026 · 02 · 10

    When Two Parsers Disagree: Exploiting Query String Differentials for XSS
  4. 2026 · 02 · 03

    Shaking the MCP Tree: a security deep dive
  5. 2025 · 10 · 19

    Cloudflare Image Proxy as a CSPT Gadget: A Cross-Origin CSPT Exploit
  6. 2025 · 06 · 01

    Puny-Code, 0-Click Account Takeover
  7. 2025 · 02 · 15

    CSS Data Exfiltration to Steal OAuth Token