Tue 26 May 2026
Turning a SELECT-only PostgreSQL SQL injection into remote command execution when the injected role is a PostgreSQL superuser.
Tue 07 April 2026
A technical deep dive into the discovery of an unauthenticated zero-day vulnerability in the Ninja Forms - File Uploads WordPress extension, which allows arbitrary file uploads, remote code execution, and full server compromise.
Thu 12 February 2026
Exploiting a heap buffer overflow in the authentication daemon used by most high-performance computers.
Thu 11 September 2025
Uncovering bypasses, RCE, SSRF, CSRF, and account-takeover vulnerabilities in WSO2 products.
Mon 01 September 2025
Tracking already-established BLE connections using SDR has its own challenges. With custom firmware and multi-channel listening, the presented approach quickly deduces the hidden hopping parameters needed to follow the connection.
Tue 15 July 2025
The article analyzes the Secp0 ransomware, which emerged in early 2025 and operates as conventional double-extortion ransomware targeting Linux systems, encrypting data while threatening public disclosure.