diff --git a/Encoding Transformations/README.md b/Encoding Transformations/README.md
index faa3db54..172decfb 100644
--- a/Encoding Transformations/README.md	
+++ b/Encoding Transformations/README.md	
@@ -106,4 +106,6 @@ admin
 
 * [Puny-Code, 0-Click Account Takeover - Voorivex - June 1, 2025](https://blog.voorivex.team/puny-code-0-click-account-takeover)
 * [Unicode normalization vulnerabilities - Lazar - September 30, 2021](https://lazarv.com/posts/unicode-normalization-vulnerabilities/)
+* [Unicode Normalization Vulnerabilities & the Special K Polyglot - AppCheck - September 2, 2019](https://appcheck-ng.com/unicode-normalization-vulnerabilities-the-special-k-polyglot/)
 * [WAF Bypassing with Unicode Compatibility - Jorge Lajara - February 19, 2020](https://jlajara.gitlab.io/Bypass_WAF_Unicode)
+* [When "Zoë" !== "Zoë". Or why you need to normalize Unicode strings - Alessandro Segala - March 11, 2019](https://withblue.ink/2019/03/11/why-you-need-to-normalize-unicode-strings.html)
\ No newline at end of file
diff --git a/SQL Injection/README.md b/SQL Injection/README.md
index ee808f0f..e658fb5b 100644
--- a/SQL Injection/README.md	
+++ b/SQL Injection/README.md	
@@ -361,24 +361,24 @@ Second Order SQL Injection is a subtype of SQL injection where the malicious SQL
 Unlike first-order SQLi, the injection doesn’t happen right away. It is **triggered in a separate step**, often in a different part of the application.
 
 1. User submits input that is stored (e.g., during registration or profile update).
-   
+
    ```text
    Username: attacker'--
    Email: attacker@example.com
    ```
-   
+
 2. That input is saved **without validation** but doesn't trigger a SQL injection.
 
    ```sql
    INSERT INTO users (username, email) VALUES ('attacker\'--', 'attacker@example.com');
    ```
- 
+
 3. Later, the application retrieves and uses the stored data in a SQL query.
-   
+
    ```python
    query = "SELECT * FROM logs WHERE username = '" + user_from_db + "'"
    ```
-   
+
 4. If this query is built unsafely, the injection is triggered.
 
 ## PDO Prepared Statements
@@ -453,6 +453,7 @@ PDO allows for binding of input parameters, which ensures that user data is prop
     ```
 
 ## Generic WAF Bypass
+
 ---
 
 ### No Space Allowed