The Cache That Bites Back: GitHub Actions Cache Poisoning Attacks
How attackers turn GitHub Actions' shared build cache into a supply chain weapon — real cases, attack mechanics, detection logic, and mitigations.
In-depth red team research, blue team strategy — and privacy-first security tools that run entirely in your browser. No accounts. No telemetry. No data leaves your machine.
Google GTIG's May 2026 report documents a turning point: state actors now use AI to write zero-day exploits, build self-navigating backdoors, and poison the AI supply chain itself.
France is migrating 2.5 million government PCs to Linux. Europe is building its own payment network to rival Visa and Mastercard. EuroStack aims to replace AWS and Azure. Here's what's happening, why it matters for security, and how realistic it is.
Two new Linux kernel vulnerabilities — Dirty Frag (CVE-2026-43284/43500) and Copy Fail (CVE-2026-31431) — enable local privilege escalation to root on nearly all major distros. What users and admins need to know.
ESET uncovered CallPhantom — 28 Android apps with 7.3M downloads that sold fabricated call histories. A deep dive into the fraud mechanics, billing bypass, and how to protect yourself.
A complete purple team walkthrough of Active Directory attack chains — from initial foothold through Kerberoasting, DCSync, and Golden Tickets to full domain compromise, with detection rules for every technique.
Active Directory Certificate Services is installed in most enterprise networks — and almost always misconfigured. Here's how attackers exploit ESC1 through ESC8 with Certipy, and how to detect and stop them.