When Hospitality Software is Too Hospitable (CVE-2026-21966, CVE-2026-21967)
An XSS Filter Bypass and a Curious SSRF in Oracle Hospitality OPERA
Sharing is Caring: Arbitrary Code Execution for Breakfast
A CTF challenge exploring binary exploitation in C++, gadget mania, and a new form of deserialization attack.
Reverse Engineering a Siemens Programmable Logic Controller for Funs and Vulns (CVE-2024-54089, CVE-2024-54090 & CVE-2025-40757)
When security by obscurity breaks...
Output-Invariant and Time-Based Testing – Practical Techniques for Black-Box Enumeration of LLMs
Abusing inherent context and sluggishness in LLMs for stealthy enumeration of prompt injection points.
5 Weekend Reads You Missed: BOOMlang v2, Blue Team Strikes Back, ET, CVSS 4.1, and DLLModules
Breaking news, awesome stuff happened!
Delay and Interactive Pause in Multi-Threaded Python
It's like musical chairs for threads (except no one gets left behind)!
12 Days of Christmas – Reflections from a Pentester
Secure Your Janky Systems, 2024 Edition