Security Insights

Vulnerability Analysis | Threat Intel | Research

Bug Bounty Writeup

Disclosure of Private Playlist Metadata via Deezer API

A deep dive into an IDOR vulnerability I discovered in Deezer's legacy API. This logic flaw allowed authenticated users to bypass privacy controls and access full metadata of private playlists belonging to other users.

                         Dec 19, 2025  |  Status: Resolved
                    

Read Full Report

Critical RCE

Dec 13, 2025

React2Shell (CVE-2025-55182): Active Exploitation Analysis

Deep dive into the CVSS 10.0 RCE in React Server Components. Analysis of active campaigns dropping MINOCAT tunnelers and XMRig miners.

Red Team

Dec 01, 2025

The Art of Privilege Escalation: From User to Root

Mastering the climb. Exploring common Linux misconfigurations, SUID binaries, and kernel exploits to elevate privileges in a compromised environment.

Blue Team

Nov 25, 2025

SIEM 101: Building Your First Detection Rule

Moving from logs to alerts. A practical guide to crafting effective detection rules in Splunk and ELK to spot malicious activity like brute-force attacks.

Back to Blog