The exploit involves two HTML pages: first sets window.name and opens a second page; second contains an iframe to the target sandbox origin, listens for messages from exploited iframe, and uses window.open(url, "Baymax") to navigate original window t...
The document outlines steps for initial reconnaissance and exploitation in a Kerberos-secured Windows environment using tools like Windapsearch and Impacket's GetNPUsers script. The process begins by identifying accessible domain resources anonymousl...
The author created a comprehensive resource index for preparing for the CompTIA Security+ exam, addressing the issue of outdated and scattered information. This curated roadmap includes four phases designed to guide learners through foundational know...
The article discusses how to form an effective Capture The Flag (CTF) team, emphasizing diversity in expertise, global dispersion for 24/7 support, active learning, and technical skills for hosting infrastructure. It highlights the importance of regi...
The article discusses how an attacker can exploit Zomato's API to gather sensitive information about users through their phone numbers and mutual connections. By scraping data from the app, one can obtain details such as restaurant preferences, speci...
A tech enthusiast reverse-engineered Zomato's "Food Rescue" feature, which alerts users about discounted food from canceled orders, to create an automated notification system. The investigation revealed Zomato's use of server-driven UI and MQTT for r...
A security researcher discovered a vulnerability in Instagram that allowed unauthenticated access to private posts through specific HTTP requests. Meta patched the issue but closed the case as "Not Applicable," raising concerns about transparency and...
The article discusses vulnerabilities in HTTP headers that can be exploited through reverse proxies to bypass security controls. It covers two main types of attacks: header injection via normalization discrepancies (OAuth2-proxy underscore b...
Google has expanded its Gemini-powered features in Chrome to users in Canada, India, and New Zealand, adding support for 50 languages including French, Gujarati, Hindi, and Spanish. This rollout is significant as it integrates AI capabilities directl...
The Trump administration has confirmed that Global Entry services will resume at 5 a.m. EST on Wednesday, ending a suspension that began on February 22 due to the partial government shutdown. This decision reverses an unpopular move and comes as the ...
Microsoft released security updates for 77 vulnerabilities in Windows and other software, including critical flaws in SQL Server, .NET applications, and Microsoft Office that could allow remote code execution or privilege escalation. Notably, an AI a...
Minishoot' Adventures blends classic Zelda elements with twin-stick shooter gameplay, offering a delightful 10-hour experience on Nintendo Switch 2 that pays homage to The Legend of Zelda while maintaining its own identity. Content creators can learn...