Security Research & Analysis
Technical documentation focused on real-world security incidents, vulnerability research, and offensive security techniques.
Research by Sohan Kanna | Security Researcher
Latest Updates
The Axios npm Compromise: How the Internet's Most Popular HTTP Client Became a Trojan Horse
A hijacked maintainer account. A phantom dependency. A self-erasing Remote Access Trojan. If you ran `npm install` on March 31, 2026, your infrastructure might already be compromised.

Your Secure Messenger is Spying on You (And You Can't Turn It Off)
No malware. No clicking on sketchy links. All a hacker needs is your phone number to track your sleep schedule, app usage, and physical location.

The End of an Era: Microsoft Kills WDS Hands-Free Deployment for Windows 11 & Server 2025 Following Critical RCE
CVE-2026-0386 marks the end of WDS hands-free imaging. Why Microsoft is forcing a shift to Zero Trust to prevent supply-chain attacks.

The Quantum Heist: Defeating "Store Now, Decrypt Later" with Merkle Tree Certificates
State-sponsored hackers are hoarding encrypted data today to break it tomorrow. Here is how Google’s new Merkle Tree Certificates will stop them.

How Attackers Use WebDAV to Deliver Malware Without Browser Warnings
Why malware no longer needs your web browser to breach your network, and how attackers are weaponizing legacy WebDAV protocols.

Silent Privilege Escalation: How Public Google API Keys Now Expose Gemini Data
For over a decade, Google told developers it was safe to put API keys in public code. Then, AI changed the rules.