Jashid Sany

Security researcher and malware developer. Offensive security, Windows internals, and AI coding tool vulnerability research.

Security Research Malware Dev HackTheBox

Latest Posts

Windsurf Cascade: Overly Permissive IDE Agent Bypasses Auto Execution Controls

Windsurf’s Cascade agent reads and writes files outside the workspace with zero confirmation, even with Auto Execution set to Disabled. The review prompt on writes is cosmetic: files exist on …

Windsurf Cascade: Indirect Prompt Injection and Credential Exfiltration via Github Gists

How a hidden HTML comment in a GitHub Gist caused Windsurf’s Cascade agent to read SSH keys and AWS credentials, then exfiltrate them to an attacker-controlled endpoint with zero user …

Research Paper: Trust Boundary Failures in AI Coding Agents

Empirical analysis of MCP configuration attacks in Claude Code with enterprise defensive architecture recommendations.

Enterprise Risk Assessment: Claude Desktop and Cowork Security

Comprehensive security risk assessment for organizations deploying Claude Desktop and Cowork in regulated environments, covering publicly disclosed vulnerabilities and independent research findings.

Claude Code Finding 4: Remote Control Session Hijacking via Missing Per-Session Authentication

The Claude Code remote-control session events endpoint lacks per-session authentication, enabling invisible remote command execution from any machine on the internet.