Lightning Security Blog

Security findings by Jack Cable

LinkedIn AutoFill Exposed Visitor Name, Email to Third-Party Websites

April 19, 2018

Bypassing Payment Using Webhooks

March 13, 2018

Don't Trust the Host Header for Sending Password Reset Emails

December 13, 2017

Exploiting and Protecting Against Race Conditions

November 1, 2017

Password Not Provided - Compromising Any Flurry User's Account [Yahoo Bug Bounty]

August 15, 2017

How I Hacked Medium’s Top Stories

August 7, 2017