Check my other posts & tools MeetC2 & AWS XRayC2..

Overview

Some time ago I documented how I configured WireGuard on my OpenWrt router at home, to connect securely to my home network (and the Internet, really) from wherever I am.
I feel safer connecting to public Wi-Fi this way, also abroad when it allows me to save…

ZeroPath uncovered an unauthenticated API key creation flaw in better-auth's API keys plugin that enables attackers to mint privileged credentials for arbitrary users; this post details the bypass, exploitation path, and how we found it.

An undocumented parameter of the "web-auth" command could allow an authenticated attacker to execute commands remotely due to improper input sanitization, potentially resulting in full device compromise.

Our agents discovered the vulnerability, provided a risk assessment, and generated a patch autonomously. I shared the results with the Netty maintainers who assigned CVE-2025-59419 and merged our fix.

Magento is still one of the most popular e-commerce solutions in use on the internet, estimated to be running on more than 130,000 websites. It is also offered as an enterprise offering by Adobe under the name Adobe Commerce, which receives automatic patching.…

I was recently flying between HKG & LHR via British Airways. I’d done the same flight back in 2023, and remember relying on the in-flight entertainment for the 14 hour journey. However, this time on my way to London, they had an interesting offer: Free WiFi…

Local LLMs prioritize privacy over security. Our research reveals a 95% backdoor injection success rate.

2 min read