Tech Unplugged

Portswigger Interesting Vulnerabilities Submissions



This podcast covers a range of cybersecurity vulnerabilities and attack techniques. One source details the reverse engineering of an Android application leading to a remote code execution exploit. Another explores a novel perspective on Server-Side Request Forgery for account takeover. Cross-Window Forgery, a new class of web attack exploiting HTML ID attributes, is also examined. Additionally, the increasing cyber threats to EV charging infrastructure and the role of penetration testing in mitigating them are discussed. Research into exploiting "unexploitable" aspects of Kibana, including remote code execution and prototype pollution, is presented. Furthermore, the concept of smuggling SQL injection queries at the protocol level is explored, alongside vulnerabilities in database wire protocols. DoubleClickjacking, a new UI redressing attack bypassing clickjacking protections, is introduced. Client-Side Path Traversal leading to Cross-Site Request Forgery is another vulnerability discussed, along with hijacking OAuth flows via cookie tossing. Techniques for red teaming Identity Providers like OneLogin and Ping are outlined. Finally, various old and new email attack methods, including address parsing inconsistencies and SMTP injection, are analyzed, and a source code disclosure vulnerability in ASP.NET applications through cookieless sessions is described.


Tech Unplugged
By Sublimetechie