This guide walks through using Frida to hook common Android methods, print stack traces, and extract runtime data, providing ready-to-use code snippets for functions like HashMap.put, ArrayList.add, TextUtils.isEmpty, Base64 encoding, and UI event handling.
This article provides a comprehensive security analysis of the Model Context Protocol (MCP), exposing multiple attack vectors such as prompt poisoning, tool poisoning, command and code injection, and illustrating how MCP’s design flaws make it more vulnerable than traditional applications while offering concrete mitigation recommendations.
A crypto firm lost hundreds of thousands of USDT after a hard‑coded wallet address, allegedly inserted by an employee who blamed AI, prompting investigators to rule out AI misconduct and highlight human sabotage, while a separate ChatGPT‑generated code snippet secretly exfiltrated private keys, underscoring the emerging security risks of AI‑assisted programming.
This article guides pure frontend developers with little or no Node.js experience through the fundamentals of creating Vite plugins, covering concepts such as code injection, file operations, and file routing, and provides practical examples and best‑practice tips to enhance development efficiency.
A former Bilibili engineer inserted malicious JavaScript into the platform's web frontend, causing some users to see a fake account‑ban notice, which exposed internal code‑review weaknesses and sparked widespread discussion about insider threats and web security.
This article introduces a compile‑time, zero‑intrusion auto‑instrumentation technique for Go applications that enables seamless monitoring, service governance, security checks, and traffic protection through modular JSON‑driven code injection, with practical examples covering HTTP headers, sorting algorithms, SQL injection prevention, and gRPC traffic control.
Python, a widely used high‑level language, suffers from several critical vulnerabilities—including command injection, outdated versions, insecure temporary files, misuse of assert statements, and import path issues—each explained with practical mitigation strategies to help developers secure their applications.
The article explains how using the $PYTHONPATH environment variable and running Python from the Downloads folder can expose systems to code injection attacks, demonstrates exploit examples, and provides safe practices such as using virtualenv and proper path handling to protect Python execution.
The article outlines two Spring Cloud Gateway CVEs—CVE-2022-22947 (critical code injection) and CVE-2022-22946 (medium HTTP/2 TrustManager issue)—detailing their severity, affected versions, and recommended mitigation steps such as upgrading to 3.1.1+, disabling Actuator, or securing it with Spring Security.
This article details how a former technical director inserted malicious code into a company's WeChat payment platform, diverting millions of yuan to his own account, the subsequent investigation, witness testimonies, and the court's judgment sentencing him for large‑scale theft.
A controversial university paper on covertly injecting vulnerabilities into open‑source software sparked a chain of malicious Linux kernel patches, provoked a fierce response from maintainer Greg Kroah‑Hartman, and forced the University of Minnesota to suspend the research amid heated community debate.
This article explains how the open‑source AspectD library enables Aspect‑Oriented Programming in Flutter by modifying the app.dill intermediate file, covering Flutter's compilation process, AST manipulation, point‑cut designs, code conversion flow, and practical use cases such as performance monitoring and page‑view tracking.
This article explains how Python's eval can execute arbitrary code, demonstrates multiple bypass techniques—including __import__, __builtins__ manipulation, and object subclass exploitation—and shows how to safely restrict eval using whitelist globals or ast.literal_eval to prevent code injection and denial‑of‑service attacks.
Understanding the nature of security blind spots, this article explains how malicious modules can attach global hooks to inject arbitrary code into Node.js applications, highlighting the risks of module imports and offering insight into protecting against such injection attacks.
This article explains a practical approach to implementing hot‑update in Unity games by injecting Lua‑based patches into C# methods using SLua and the NRefactory library, detailing the execution environment, code‑injection process, Lua patch creation, and a reusable MethodInjector class.
The article examines why databases are frequent targets of security breaches, explains the most common SQL injection vulnerability, categorizes injection paths, methods, and examples—including manipulation, code, function‑call, and buffer‑overflow attacks—then outlines practical defense measures such as input encryption, database firewalls, and patching.
