Check out the show notes for links to the articles we covered.

A Scary Season of Appsec News

Hello Proto-ghouls, Dropped Packets, and Zombie Processes,

Halloween is almost here.

What scary costume will you wear this year?

Old-school Freddy Krueger?

A classic vampire?

A howling werewolf?

Client side validation?

Server side JavaScript?

A CVE?

Or,

A path traversal that goes dot, dot, slash?

This was one of the first times where I started to wonder about the economic and efficiency comparisons between fuzzers and LLM-based agents. I wrote more about that in this 2026 article.