Articles

Avaliei a segurança digital de 1.000 prefeituras brasileiras. Os resultados mostram um cenário que merece atenção. Continue reading on Medium »

Every few months, the internet discovers a new opinion about VPNs. One week they are essential tools that everyone should use. The next… Continue reading on Med

Hi everyone, I am Trends 24/7 and in this blog I’m going to show you the single most important data structure in all of blockchain, one… Continue reading on Med

A segment-by-segment teardown of a stacked prompt-injection payload: what each piece does, why it works, and how the layers compound. Continue reading on OSINT

Here is everything I know about HTML Injection, how I test for it, how people bypass filters, and what it actually scores on CVSS Continue reading on OSINT Team

The next wave of consumer cybercrime may not arrive through a dramatic hack. It may arrive as a text that says your package is delayed… Continue reading on Medi

CVE-2026–9189. Public on cve.org since 2026–05–29. CVSS 5.3 (CWE-345). Found and reported by me, Muni Nitish Kumar Yaddala, through… Continue reading on Medium

The most dangerous cybersecurity threat of 2026 isn’t a Russian APT group. It’s Karen from Accounting clicking “Claim Your Prize.” Continue reading on Medium »

If you opened a bank account, a digital wallet, and a marketplace signup this week, you probably uploaded the same government ID three… Continue reading on Medi

Somewhere on a network right now, a username and password are crossing the wire in plain, readable text — and someone could be quietly… Continue reading on Medi

You keep seeing two terms thrown around everywhere in active directory write-ups: Responder and Pass-the-Hash (PtH). Continue reading on Medium »

SOAR platforms are designed to execute security actions automatically. They possess privileged access to firewalls, EDR, Active Directory… Continue reading on M

# 120+ SOC & DFIR Tools Every Windows Server Incident Responder Needs in 2026 Continue reading on Medium »

LameHug didn’t carry its attack commands. On every infected PC it asked a chatbot to write them fresh — the first malware caught… Continue reading on Medium »

We did it manually. Now let’s see what happens when you hand it to a tool. Last part of the SSTI series. Continue reading on System Weakness »

A beginner-friendly penetration testing walkthrough of the DC-1 boot2root machine Continue reading on Medium »

The Ultimate Account Takeover One-Two Punch Continue reading on InfoSec Write-ups »

IPv4 addresses remain the backbone of the internet. Continue reading on Medium »

One of the mistakes security professionals occasionally make is assuming attackers care about technology. Continue reading on Medium »

Russian forces used 43 FPV drones to bring down a two-lane road bridge, suggesting that small drones can successfully destroy a range of infrastructure targets.

For years, the threat of quantum computing lived comfortably in the category of “interesting but distant,” but that comfort is gone.

If your network is still flat between radiology and the rest of your biomed estate, you are out of step with both the threat and the regulator.

The npm Ecosystem Is Being Used as a Weapon: Understanding Modern Supply-Chain Worms Continue reading on Medium »

Lab 9 - Reflected XSS into attribute with angle brackets HTML-encoded. Continue reading on Medium »