Archive (62)

2026-06-08 article Microsoft Defender Zero-Days (BlueHammer, RedSun, UnDefend) and the Responsible Disclosure Debate

2026-06-06 article Microsoft's MDASH: Pioneering AI-Driven Vulnerability Discovery

2026-06-04 article CVE-2026-0257: GlobalProtect Authentication Bypass via Cookie Manipulation

2026-06-02 article Palo Alto Networks PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257)

2026-05-31 article AI-Generated Zero Days: The Evolving Landscape of Autonomous Vulnerability Discovery

2026-05-29 article Exploiting CVE-2024-24919: Critical Information Disclosure in Check Point Security Gateways

2026-05-27 article Deep Dive into CVE-2024-24919: The Check Point Security Gateway Information Disclosure Zero-Day

2026-05-25 article Chaining CVE-2024-4358 and CVE-2024-1800 for Unauthenticated RCE in Telerik Report Server

2026-05-23 article CVE-2024-32002: Remote Code Execution via Git Submodule Case-Insensitivity Confusion

2026-05-21 article Deep Dive into CVE-2024-34351: The Next.js SSRF Vulnerability via Header Manipulation

2026-05-19 article CVE-2024-32002: Achieving Remote Code Execution via Git Submodule Symbolic Links

2026-05-17 article TunnelVision: De-cloaking VPN Traffic via DHCP Option 121 (CVE-2024-3661)

2026-05-16 article TunnelVision (CVE-2024-3661): Decloaking VPNs via DHCP Option 121

2026-05-14 article NGINX Rift: 18-Year-Old Heap Buffer Overflow in Rewrite Module (CVE-2026-42945)

2026-05-12 article TunnelVision (CVE-2024-3661): Bypassing VPN Encapsulation via DHCP Option 121

2026-05-10 article CVE-2024-4040: Technical Analysis of the CrushFTP VFS Sandbox Escape Zero-Day

2026-05-08 article Kaspersky Uncovers DAEMON Tools Supply Chain Attack via Compromised Signed Installers

2026-05-06 article Linux Kernel "Copy Fail" Local Privilege Escalation (CVE-2026-31431)

2026-05-04 article AI's Breakthrough in Vulnerability Discovery: The Rise of Autonomous Security Research

2026-05-02 article Critical GitHub RCE (CVE-2026-3854) via Malicious Git Push Options

2026-04-30 article Supply Chain Attack on Bitwarden CLI via npm Package Hijacking

2026-04-28 article The Deluge of AI-Discovered Zero-Day Vulnerabilities and its Impact on Cybersecurity

2026-04-26 article Microsoft Defender Zero-Day Privilege Escalation (CVE-2026-33825)

2026-04-24 article Vercel Breach: OAuth Supply Chain Attack and the Exposure of Environment Variables

2026-04-22 article Mythos: Anthropic's AI Model and its Autonomous Zero-Day Exploitation Capabilities

2026-04-20 article CVE-2026-32201: Actively Exploited SharePoint Server Spoofing Vulnerability

2026-04-18 article April 2026 Microsoft Patch Tuesday Highlights: Actively Exploited SharePoint Zero-Day and Critical RCEs

2026-04-16 article AI's Autonomous Zero-Day Discovery: Anthropic's Claude Mythos Reshaping Vulnerability Research

2026-04-14 article Actively Exploited Adobe Acrobat Reader Prototype Pollution Vulnerability (CVE-2026-34621)

2026-04-12 article Deconstructing CVE-2026-3055: A Critical Memory Disclosure in Citrix NetScaler ADC and Gateway

2026-04-10 article Apache ActiveMQ RCE via Jolokia API (CVE-2026-34197)

2026-04-08 article Anthropic's Claude Mythos: AI's Unprecedented Vulnerability Discovery and Project Glasswing

2026-04-06 article Critical Memory Overread in Citrix NetScaler ADC and Gateway (CVE-2026-3055)

2026-04-04 article Weaponizing Legitimate IT Tools: The Stryker Cyberattack and Microsoft Intune Exploitation

2026-04-02 article Emerging Threats in AI Agent Security: Prompt Injection and Beyond

2026-03-31 article Supply Chain Attack on AI Development Libraries: The LiteLLM Compromise

2026-03-29 article TeamPCP: A Multi-Stage Supply Chain Attack Campaign Targeting Development Tools

2026-03-27 article The Alarming Rise of Vulnerabilities in AI-Generated Code

2026-03-25 article State-Sponsored "Living Off The Land" Attack Wipes 200,000 Devices via Microsoft Intune

2026-03-23 article Unpacking CVE-2026-26144: Zero-Click Data Exfiltration via XSS in Excel with AI Copilot

2026-03-20 article Interlock Ransomware Exploits Cisco Secure Firewall Management Center Zero-Day (CVE-2026-20131) for Root Access

2026-03-18 article AI-Discovered Critical Vulnerability (CVE-2026-21536) in Microsoft Devices Pricing Program

2026-03-15 article Malicious Chrome Extensions Exploiting AI Assistants for Eavesdropping and Data Theft (CVE-2026-0628)

2026-03-13 article Critical Unauthenticated RCE in React Server Components (CVE-2025-55182)

2026-03-11 article AI-Powered Vulnerability Discovery: The Case of CVE-2026-21536 and Microsoft's March Patch Tuesday

2017-10-01 paper PostScript and GhostScript - Ruxcon 2017

2017-05-01 article Sourcetree Arbitrary Command Execution (CVE-2017-8768)

2017-03-01 article WebKit Same-Origin Policy Bypass (CVE-2017-2488)

2017-03-01 article WebKit URL Bar Spoofing (CVE-2017-2486)

2017-01-01 paper Attack Surface Extended by URL Schemes

2017-01-01 article Kingslayer - A supply chain attack -- Part 2

2017-01-01 article Kingslayer - A supply chain attack -- Part 1

2016-11-01 article Lynx Invalid URL Parsing with '?' (CVE-2016-9179)

2016-10-01 article GhostScript Sandbox Bypass Leading to ImageMagick RCE (CVE-2016-7976)

2016-09-01 article Airmail URLScheme Render and file:// XSS

2016-08-01 article Heap Overflow Vulnerabilities in MuPDF (CVE-2016-6525)

2016-06-01 article Ruby: HTTP Header Injection in 'net/http'

2016-01-01 paper Java Unserialization RCE

2015-09-01 writeup SSCTF Writeup

2015-07-01 writeup AliCTF 2015 Writeup

2015-01-01 paper Intranet Penetration

2015-01-01 paper Embedded Devices Hacking