CVE-2026-30815 An os command injection vulnerability exists in the Openvpn configuration restore client_connect functionality of Tp-Link Archer AX53 v1.0 1.3.1 Build 20241120 rel.54901(5553). A specially crafted configuration value can lead to arbitrary command execution. An attacker can upload a malicious file to trigger this vulnerability. The versions below were either […]

# Make it Blink: Over-the-Air Exploitation of the Philips Hue Bridge The year-end edition of **Pwn2Own** took place in Cork, Ireland. For the first time, this event featured smart home devices, including the **Amazon Smart Plug**, **Home Assistant Green**, and the **Philips Hue Bridge**. The attack scenario defined by the […]

# The Danger of Multi-SSO AWS Cognito User Pools 05 May 2026 – Posted by Francesco Lacerenza, Mohamed Ouad After a small detour, the **CloudSecTidbits** series is back with new episodes. We had the opportunity to present them at the first DEFCON in Singapore few days ago during our DemoLabs […]

# Copirate 365 at DEF CON: Plundering in the Depths of Microsoft Copilot (CVE-2026-24299) This is a writeup of my DEF CON Singapore talk that walks through vulnerabilities and exploits in M365 Copilot and Consumer Copilot. I disclosed these to Microsoft last year. MSRC assigned CVE-2026-24299 and the issues are […]

CVE-2025-58074 A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges. The versions below were either tested or verified […]

# From a stale README to a security research intelligence platform A stale security-papers README grew into AI Scholar: a production system that ingests papers, deduplicates identities, extracts structured security-research records, maps the corpus as an atlas, and surfaces tensions between papers before I read them end to end. ## […]

Some organisations’ most sensitive information is only ever discussed in person. Ironically, the equipment in meeting rooms, conference halls, and other physical locations is often among the least-monitored and most insecurely-configured attack surfaces in an organisation. I recently got the opportunity to research some of this equipment to better understand […]

Since I published Carrot disclosure: Forgejo two days ago, numerous things happened: – Friends of mine were reached out to, to “talk to me from a place of trust”, or simply to tell them what an horrible person I am, which they found hilarious. – The toot linking to the […]

In early 2026, Shielder was hired by OSTIF to perform a security audit of Inspektor Gadget, an eBPF-based framework that provides powerful and flexible observability tools for Kubernetes and Linux hosts. **Today, we are publishing the full report in our dedicated repository**. Inspektor Gadget is both a framework and a […]

# Bypassing Windows authentication reflection mitigations for SYSTEM shells – Part ② In part 1 of this blogpost series, we proved our initial theory that the patch for CVE-2025-33073 was insufficient, by disclosing a trivial NTLM reflection vulnerability leading to LPE. In this second part, we turn to Kerberos and […]