Behrad's Blog
Posts
Tags
java
2026
January 27, 2026
Unsafe Reflection Vulnerabilities
How unsafe reflection turns user input into arbitrary class instantiation, from the mechanics of CWE-470 to exploitation and prevention across Java and Ruby.
2022
February 18, 2022
Java Deserialization Vulnerabilities
Understanding Java deserialization from serialization internals to exploitation, with a walkthrough of using ysoserial gadget chains to achieve RCE on Apache OpenMeetings.