A technical deep dive into the discovery of an unauthenticated zero-day vulnerability in the Ninja Forms - File Uploads WordPress extension, which allows arbitrary file uploads, remote code execution, and full server compromise.

Exploiting Heap Buffer Overflow in the authentication daemon used by most High Performance Computer.

Uncovering bypasses, RCE, SSRF, CSRF, and account-takeover vulnerabilities in WSO2 products.

Tracking already-established BLE connections using SDR has its own challenges. With custom firmware and multi-channel listening, the presented approach quickly deduces the hidden hopping parameters needed to follow the connection.

The article analyzes the Secp0 ransomware, which emerged in early 2025 and operates as conventional double-extortion ransomware, encrypting data while threatening public disclosure, targeting Linux systems.

This article provides an analysis of World Leaks, a new extortion platform that emerged in early 2025, detailing its origins, operational challenges, and collaborations with other threat actors.