This is research on detecting attacks on Kerberos using traffic analysis.

Our security agent found a business logic flaw in how Netty handled one of the internet's oldest and most trusted protocols. To understand the vulnerability, we need to take a quick journey back to the humble beginnings of email.

Magento is still one of the most popular e-commerce solutions in use on the internet, estimated to be running on more than 130,000 websites. It is also offered as an enterprise offering by Adobe under the name Adobe Commerce, which receives automatic patching.…

I was recently flying between HKG & LHR via British Airways. I’d done the same flight back in 2023, and remember relying on the in-flight entertainment for the 14 hour journey. However, this time on my way to London, they had an interesting offer: Free WiFi…

ZeroPath's AI-based static analyzer uncovered 170 verified issues in curl, from C footguns to logic and RFC compliance bugs across HTTP/3, SMTP, IMAP, TFTP, Telnet, and SSH/SFTP, with curl maintainer Daniel Stenberg praising the quality -- proof that AI source…

Local LLMs prioritize privacy over security. Our research reveals a 95% backdoor injection success rate.

2 min read

We found a path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API keys. Here's how a single Docker build bug nearly triggered one of the largest AI supply chain attacks to date.

Join Chris Young's workshop to discover the 9 core principles of infrastructure security. They are proven, repeatable, and often ignored.

AI browsers remain vulnerable to prompt injection attacks via screenshots and hidden content, allowing attackers to exploit users' authenticated sessions.

Walkthrough of how to embed frida noscripts in apps to distribute proper mods. Supports frida 17+.

A detailed account of how my personal AWS account was compromised, the attack timeline, and lessons learned from a cloud security incident.

After a major takedown, LockBit is back with version 5.0, targeting Windows, Linux, and ESXi systems worldwide. Check Point Research reveals new victims.

Edera uncovers TARmageddon (CVE-2025-62518), a Rust async-tar RCE flaw exposing the real dangers of open-source abandonware and supply chain security.

Adversis releases a Burp Extension for NextJS Hash-to-Function Mapping

In June, 2025, Shubs Shah and I discovered a vulnerability in the online poker website ClubWPT Gold which would have allowed an attacker to fully access the core back office application that is used for all administrative site functionality.