Archive (33)

2026-04-12 article Deconstructing CVE-2026-3055: A Critical Memory Disclosure in Citrix NetScaler ADC and Gateway
2026-04-10 article Apache ActiveMQ RCE via Jolokia API (CVE-2026-34197)
2026-04-08 article Anthropic's Claude Mythos: AI's Unprecedented Vulnerability Discovery and Project Glasswing
2026-04-06 article Critical Memory Overread in Citrix NetScaler ADC and Gateway (CVE-2026-3055)
2026-04-04 article Weaponizing Legitimate IT Tools: The Stryker Cyberattack and Microsoft Intune Exploitation
2026-04-02 article Emerging Threats in AI Agent Security: Prompt Injection and Beyond
2026-03-31 article Supply Chain Attack on AI Development Libraries: The LiteLLM Compromise
2026-03-29 article TeamPCP: A Multi-Stage Supply Chain Attack Campaign Targeting Development Tools
2026-03-27 article The Alarming Rise of Vulnerabilities in AI-Generated Code
2026-03-25 article State-Sponsored "Living Off The Land" Attack Wipes 200,000 Devices via Microsoft Intune
2026-03-23 article Unpacking CVE-2026-26144: Zero-Click Data Exfiltration via XSS in Excel with AI Copilot
2026-03-20 article Interlock Ransomware Exploits Cisco Secure Firewall Management Center Zero-Day (CVE-2026-20131) for Root Access
2026-03-18 article AI-Discovered Critical Vulnerability (CVE-2026-21536) in Microsoft Devices Pricing Program
2026-03-15 article Malicious Chrome Extensions Exploiting AI Assistants for Eavesdropping and Data Theft (CVE-2026-0628)
2026-03-13 article Critical Unauthenticated RCE in React Server Components (CVE-2025-55182)
2026-03-11 article AI-Powered Vulnerability Discovery: The Case of CVE-2026-21536 and Microsoft's March Patch Tuesday
2017-10-01 paper PostScript and GhostScript - Ruxcon 2017
2017-05-01 article Sourcetree Arbitrary Command Execution (CVE-2017-8768)
2017-03-01 article WebKit Same-Origin Policy Bypass (CVE-2017-2488)
2017-03-01 article WebKit URL Bar Spoofing (CVE-2017-2486)
2017-01-01 paper Attack Surface Extended by URL Schemes
2017-01-01 article Kingslayer - A supply chain attack -- Part 2
2017-01-01 article Kingslayer - A supply chain attack -- Part 1
2016-11-01 article Lynx Invalid URL Parsing with '?' (CVE-2016-9179)
2016-10-01 article GhostScript Sandbox Bypass Leading to ImageMagick RCE (CVE-2016-7976)
2016-09-01 article Airmail URLScheme Render and file:// XSS
2016-08-01 article Heap Overflow Vulnerabilities in MuPDF (CVE-2016-6525)
2016-06-01 article Ruby: HTTP Header Injection in 'net/http'
2016-01-01 paper Java Unserialization RCE
2015-09-01 writeup SSCTF Writeup
2015-07-01 writeup AliCTF 2015 Writeup
2015-01-01 paper Intranet Penetration
2015-01-01 paper Embedded Devices Hacking