Elliott.diy

Blog Posts

A collection of writeups, debugging adventures, and technical experiments. If it broke my brain or made me curious, it probably ended up here.

2025

When WebSockets Lead to RCE in CurseForge

An unauthenticated local WebSocket server in the CurseForge launcher allowed any website to trigger remote code execution via attacker-controlled JVM arguments.

Supershy: Remote Code Execution in a VPN Client

How I found an RCE vulnerability in a privacy VPN.

Lockbit Wallet Tracking

Scanned 62k Bitcoin addresses from the LockBit ransomware leak to see which wallets were funded. Here’s what I found.