Team82 uncovered a one-click remote-code execution vulnerability affecting IDIS Cloud Manager viewer that could be exploited to give an attacker the ability to view live video feeds, recordings, and search images on the video surveillance system.

Stop hypervisor escapes. Compare KASLR vs HVCI, calculate SED TCO ($0.04/GB), and eliminate config drift. Deterministic engineering for Day 2 Ops.

The gap between tracking where data flows and reasoning about whether the logic is correct.

A deep dive into OpenSSL’s January 2026 CMS and PKCS#12 vulnerabilities, including a pre-auth stack overflow and a PKCS#12 parsing bug.

Following the search of Washington Post reporter Hannah Natanson’s home, here are concrete steps to take to safeguard yourself and your sources

Swarmer enables stealthy Windows registry persistence by exploiting mandatory user profiles and the Offline Registry API to bypass EDR detection. Learn how this technique leverages NTUSER.MAN files to modify the registry without triggering standard API monitoring.

28,194 threats detected. Interactive analysis of AI attack patterns targeting LLMs and AI agents.

In this post, I introduce and demonstrate the attack method Blind Boolean-Based Prompt Injection (BBPI) which is a prompt injection…

Horizon3.ai discovered multiple vulnerabilities in SolarWinds Web Help Desk that enable unauthenticated remote code execution.

[this work was conducted collaboratively by Bryan Alexander and Jordan Whitehead] This post details several vulnerabilities discovered in the popular online game Command & Conquer: Generals. We recently presented some of this work at an information security…

AI-driven penetration testing now executes thousands of actions per hour but still lacks the strategic intuition humans apply in competitive security. To build cybersecurity superintelligence...

Overview Over the past few weeks, I have been tracking a credential harvesting campaign that repeatedly abuses newly registered *.contractors domains to deliver Gmail and Microsoft 365/Outlook phis…

Share passwords and credentials securely with self-destructing, encrypted links. Zero-knowledge encryption means we never see your data.

Security research, vulnerability disclosures, and application security insights.

Our AI pentester, Hackian, found a RCE on Clawdbot/Moltbot by hacking it fully autonomously in under 2 hours. Learn how and read the logs in this blog.

CVE-Alert helps organizations and individuals track Common Vulnerabilities and Exposures (CVEs) in real-time with vendor/product subscriptions and email notifications.

A defensive technique for constraining LLM agent database access using object-capabilities, plus a live CTF challenge.