SameSite

• Scraping the bottom of the CORS barrel (part 1) Aug 4
• CVE-2022-21703: cross-origin request forgery against Grafana Feb 8

• Abusing Slack's file-sharing functionality to de-anonymise fellow workspace members Oct 12
• The great SameSite confusion Jan 29