Cookies

• Existence oracle for Secure cookies on insecure Web origins Sep 12
• Scraping the bottom of the CORS barrel (part 1) Aug 4
• CVE-2022-21703: cross-origin request forgery against Grafana Feb 8

• Abusing Slack's file-sharing functionality to de-anonymise fellow workspace members Oct 12
• Subdomain takeover: ignore this vulnerability at your peril Feb 12
• The great SameSite confusion Jan 29