Jekyll2026-06-27T22:41:43+00:00https://aydinnyunus.github.io/feed.xmlYunus Aydın BlogSecurity researcher exploring cybersecurity, vulnerability research, and responsible disclosure. Discover CVEs, conference talks, and security research.Yunus AydınAI Az Önce Bir Secret Sızdırdı2026-06-30T00:00:00+00:002026-06-30T00:00:00+00:00https://aydinnyunus.github.io/2026/06/30/hunting-leaked-secrets-on-github-archive-trYunus AydınYour AI Just Leaked a Secret2026-06-30T00:00:00+00:002026-06-30T00:00:00+00:00https://aydinnyunus.github.io/2026/06/30/hunting-leaked-secrets-on-github-archiveYunus AydınSahte bir iş teklifi aldım. Projedeki npm paketi tam donanımlı bir info-stealer çıktı.2026-06-22T00:00:00+00:002026-06-22T00:00:00+00:00https://aydinnyunus.github.io/2026/06/22/fake-job-offer-npm-supply-chain-malware-foxtopia-trYunus AydınI received a fake job offer. The npm package in the project was a full info-stealer.2026-06-22T00:00:00+00:002026-06-22T00:00:00+00:00https://aydinnyunus.github.io/2026/06/22/fake-job-offer-npm-supply-chain-malware-foxtopiaYunus AydınOdysseus: giriş yapmış herhangi bir kullanıcı sunucu genelindeki embedding endpoint’ini ele geçirebiliyor (broken access control + SSRF)2026-06-16T00:00:00+00:002026-06-16T00:00:00+00:00https://aydinnyunus.github.io/2026/06/16/odysseus-embedding-endpoint-takeover-trYunus AydınOdysseus: any logged-in user can hijack the server-wide embedding endpoint (broken access control + SSRF)2026-06-16T00:00:00+00:002026-06-16T00:00:00+00:00https://aydinnyunus.github.io/2026/06/16/odysseus-embedding-endpoint-takeoverYunus AydınNLTK collocations’da eval() üzerinden komut enjeksiyonu2026-06-07T00:00:00+00:002026-06-07T00:00:00+00:00https://aydinnyunus.github.io/2026/06/07/command-injection-nltk-collocations-eval-trYunus AydınCommand injection in NLTK collocations via eval()2026-06-07T00:00:00+00:002026-06-07T00:00:00+00:00https://aydinnyunus.github.io/2026/06/07/command-injection-nltk-collocations-evalYunus AydınCVE-2026-5728: LollMS chat image upload’unda Content-Type spoofing2026-05-03T00:00:00+00:002026-05-03T00:00:00+00:00https://aydinnyunus.github.io/2026/05/03/content-type-spoofing-lollms-chat-image-cve-2026-5728-trYunus AydınCVE-2026-5728: Content-Type spoofing on LollMS chat image upload2026-05-03T00:00:00+00:002026-05-03T00:00:00+00:00https://aydinnyunus.github.io/2026/05/03/content-type-spoofing-lollms-chat-image-cve-2026-5728Yunus Aydın