[CVE-2026-34612] AI-Assisted Discovery of SQL Injection Leading to RCE in Kestra v1.3.2
I. Introduction Kestra is an open-source tool that helps automate and manage workflows. It allows users to create and run workflows on a schedule or when an event occurs. With Kestra, users can easily
May 17, 2026 · 5 min read

[ZVE-2025-3566] Stored XSS to RCE in Manage Engine OpManager
In this article, I share my experience discovering a stored XSS vulnerability in Manage Engine OpManager and the creative approach taken to escalate its severity to achieve remote code execution (RCE). The vulnerability stems from inconsistencies in ...
Jul 30, 2025 · 3 min read

Two RCE Design Flaws in ManageEngine Exchange Reporter Plus 5721
ManageEngine Exchange Reporter Plus is a web-based tool for managing and monitoring Exchange Server and Exchange Online environments. It offers over 450 built-in reports on mailboxes, email traffic, user activity, and permissions. The tool supports r...
Jul 30, 2025 · 5 min read

Abusing Content Delivery Networks (CDNs): Phishing, Malware, and Evasion
Content Delivery Networks (CDNs) like jsDelivr, Webflow CDN, CloudFront, and Google APIs are trusted internet infrastructure – and attackers are abusing that trust. By hosting malicious pages and payloads on CDN domains, adversaries exploit the domai...
May 24, 2025 · 15 min read

Threat Analysis: Investigating Suspicious Outbound Connections to cdn.jsdelivrs[.]com (Adware or Supply Chain Foothold?)
Alert Overview On May 8, 2025, analysts at the FPT SOC identified a cluster of outbound HTTP requests from several internal endpoints targeting the domain cdn.jsdelivrs[.]com. This domain, which resolves to IP 91.195.240.12, is registered under AS478...
May 21, 2025 · 3 min read

Fortifying AWS EKS: A Comprehensive Guide to Securing Containerized Workloads with AWS and Open-Source Tools
1. Introduction Securing containerized workloads in today's cloud-centric landscape is paramount to ensuring robust and reliable application deployment. Amazon Web Services (AWS) Elastic Kubernetes Service (EKS) provides a scalable platform for runni...
May 7, 2025 · 19 min read

Nuclei Multi-Step Template Gen: AI-Powered Automation for Chain-Based Functions in Penetration Testing
In recent years, AI and Generative AI have made significant advancements, but their practical use in the field of Penetration Testing is still met with doubt. In this article, we’ll share how we used Generative AI to automate the process of handling ...
Mar 27, 2025 · 5 min read