Cybersecurity

Bypassing Zammad's AI text tool authorization via REST API (CVE-2026-34782 / CVE-2026-34837)

How missing authorization checks in Zammad's REST API let agents execute group-restricted AI text tools and inject unauthorized ticket context into AI prompts.

Bypassing Wazuh's UNC Mitigation in Windows OSQuery via \\?\UNC\ (CVE-2025-30201 / GHSA-x697-jf34-gp5x)

How I bypassed Wazuh's UNC path mitigation in Windows OSQuery using extended-length UNC paths (\\?\UNC\), leaking NetNTLMv2 hashes despite the original CVE-2025-30201 fix.

Detecting the Notepad++ Supply Chain Attack: A PowerShell Triage Script

A PowerShell-based triage script to check systems for indicators of compromise related to the Notepad++ supply chain attack attributed to Lotus Blossom APT.