We're leveling your security
Through a cybersecurity intelligence and learning platform delivering in-depth coverage of data breaches, cyberattacks, vulnerabilities, and offensive/defensive security insights.
Latest Updates
Understanding CVE-2025-7659: A High-Severity GitLab Web IDE Vulnerability
An analysis of CVE-2025-7659, a high-severity vulnerability in the GitLab Web IDE that could allow for the theft of private access tokens due to incomplete input validation.
WAGO Industrial Switches: Understanding CVE-2026-22903, CVE-2026-22904, and CVE-2026-22906
An analysis of three critical vulnerabilities in WAGO Industrial Managed Switches, including stack-based buffer overflows and hard-coded cryptographic keys.
Critical WPvivid Backup Flaw (CVSS 9.8) - CVE-2026-1357
A critical unauthenticated arbitrary file upload vulnerability (CVSS 9.8) in the WPvivid Backup & Migration plugin allows for full site takeover.
Adobe February 2026 Security Updates Explained
A breakdown of Adobe's February 2026 security updates, covering 44 CVEs across nine products and prioritizing which patches matter most for creative and enterprise environments.
Understanding the February 2026 SAP Security Updates
A summary of the critical vulnerabilities addressed in SAP's February 2026 Security Patch Day, including a high-impact SQL injection and an authorization bypass.
Reflections on Cybercrime, Trust, and Responsibility
A Q&A with Brett Johnson, former ShadowCrew founder, on reflection, accountability, and prevention in cybercrime, focusing on human and systemic factors.
BridgePay and the Anatomy of a Ransomware Incident
An analysis of the BridgePay ransomware attack using the CyberLeveling Breach Anatomy Model, exploring how the incident became possible and what it reveals about risks in financial infrastructure.
Understanding Microsoft’s February 10, 2026 Security Update: What You Need to Know
A breakdown of Microsoft's February 2026 security update, focusing on the most critical RCE and security bypass vulnerabilities across Windows, Office, and Azure.
CVE Review: CVE-2026-1486 and CVE-2026-1529 in Keycloak
An analysis of two logic flaws in Keycloak (CVE-2026-1486 and CVE-2026-1529) that could allow authorization bypass and unauthorized access.
CVE-2026-25848: A Critical Authentication Bypass in JetBrains Hub
An analysis of CVE-2026-25848, a critical authentication bypass in JetBrains Hub that allows unauthenticated administrative actions, and why it poses a serious risk.
CVE-2026-25892 Explained: When a Small Bug Turns Into a Big Denial of Service
An analysis of CVE-2026-25892, a denial of service vulnerability in Adminer caused by improper input validation, and how it can impact service availability.
Analyzing Phishing Emails: A Practical SOC Analyst Guide to URLs, Attachments, and Threat Intelligence
A step-by-step guide for SOC analysts on how to safely analyze phishing emails, extract indicators, and use threat intelligence to determine impact.
A Guide to Europe’s Big Cybersecurity Conferences in 2026
A curated overview of some of the most well-known cybersecurity conferences taking place across Europe in 2026.
Guide to threat hunting Hunting LOLBins/GTFOBins
A field manual for threat hunters on how to hunt for Living Off the Land Binaries (LOLBins) on both Windows and Linux systems.
When a University Goes Dark: Lessons from the La Sapienza Cyberattack
An analysis of the cyberattack on La Sapienza University, applying a seven-level framework to understand the incident's causes, impact, and lessons for other large institutions.
Why Unauthenticated Admin Takeovers Keep Happening in WordPress Plugins CVE-2025-15027
An analysis of CVE-2025-15027, a critical privilege escalation vulnerability in the JAY Login & Register WordPress plugin that allows for a full site takeover without authentication.
CVE-2026-25751: Critical Information Disclosure in FUXA SCADA Software
An analysis of CVE-2026-25751, a critical information disclosure vulnerability in FUXA SCADA software that can lead to full system compromise.
When “Trusted” Infrastructure Isn’t: How Attackers Abuse Microsoft Cloud Services for Phishing
An analysis of how attackers are using trusted Microsoft cloud services like Azure Blob Storage to host phishing campaigns, bypassing traditional security controls.
Understanding the Flickr Data Breach (February 2026): A Clear Look at What Happened and Why
An analysis of the Flickr data breach, where a third-party email service provider's vulnerability led to potential user data exposure, highlighting supply chain risks.
CVE-2026-1731 Explained: A Critical Pre-Authentication RCE in BeyondTrust
An analysis of CVE-2026-1731, a critical pre-authentication RCE in BeyondTrust Remote Support and Privileged Remote Access, and its risks.