Blog

Analysis and takeaways from our offensive engagements and vulnerability research.

Tech

Hacking Liferay: From XSS to RCE via CAPTCHA Bypass

AnchorSec’s research team investigate the Liferay application and find a Cross-Site Scripting vulnerability that leads to Remote Code Execution, via CAPTCHA bypass. This blog explains the vulnerability and how it was exploited.

Gareth C

Hidden Daemons: A Telnet mystery

AnchorSec’s founder, Gareth, develops a tool to help him find and verify Regular Expression Denial of Service (ReDoS) vulnerabilities in code. This blog explores the cause of this class of vulnerability, how to find ReDoS vulnerabilities and the implications for security. The blog also describes the development of a new tool to assist in finding these vulnerabilities, and the next steps for security testers.

Gareth C

Evil Re: An introduction to ReDoS vulnerabilities

AnchorSec’s founder, Gareth, develops a tool to help him find and verify Regular Expression Denial of Service (ReDoS) vulnerabilities in code. This blog explores the cause of this class of vulnerability, how to find ReDoS vulnerabilities and the implications for security. The blog also describes the development of a new tool to assist in finding these vulnerabilities, and the next steps for security testers.

Francesca B

2026 trends in Cyber Security

AnchorSec explores the key themes shaping cyber security in 2026 and shares ideas to help you navigate the changes and protect your business. From accelerating use of AI to upcoming legislation, this blog contains straightforward advice to stay on top of the trends.

Francesca B

The Rising Stakes of Operational Technology Security

OT environments were not initially designed with security as a priority. As OT environments become increasingly connected to IT infrastructure, and our daily lives become ever more dependent on the smooth, safe running of this technology, ensuring it is deployed, maintained and operated securely is increasingly important.

Francesca B

Another Kind of Technical Debt

As organisations embrace the cost benefits and technical capabilities of automated tools and AI-supported security testing, AnchorSec asks what the implications are for the offensive security industry, and the real-world security of your IT systems.

Tech

A Real-World Take on SANS SEC760

I recently embarked upon a journey through time and space to learn some new things, challenge myself technically and wipe off the rust of a near dead skill I once used to cultivate when cybersec was still a little more space cowboy.
