Websec / Blog
Securing Today. Tomorrow could be too late.

Join us as we explore the ever-evolving world of cyber threats and arm yourself with knowledge to defend against potential breaches.

Get Consultation

Discover whats new

Posted 30 Apr

CVE-2026-31431, Linux algif_aead page-cache write to root

English, DutchCVE-2026-31431 is a high severity Linux kernel flaw in algif_aead that can let an unprivileged local user gain root via AF_ALG and splice.

cve-2026-31431rce

Posted 25 Apr

NIS2 Pentest: The Critical Burden of Proof under the Cybersecurity Act (Cbw)

English, DutchHow do you comply with the Cbw duty of care? Discover why an NIS2 pentest is essential for offensive validation and your burden of proof. Learn more about the strategy.

Cbw Duty of Careoffensive validationcybersecurity audit

Posted 16 Apr

CVE-2026-33032: Unauthenticated nginx-ui MCP takeover

English, Dutchnginx-ui <= 2.3.5 exposes an unauthenticated MCP endpoint that can invoke privileged tools and take over Nginx service management.

cve-2026-33032auth-bypassinitial-access

CVE-2026-29014, MetInfo CMS unauthenticated PHP code injection

English, DutchMetInfo CMS 7.9.0 through 8.1.0 is affected by an unauthenticated PHP code injection flaw that can lead to remote code execution via the WeChat module.

Posted 02 April, 26

Ophion: Building a Stealth Intel VT-x Hypervisor for Windows

English, DutchOphion is a stealth Intel VT-x hypervisor that virtualizes Windows while passing AC, AV, and VM-detection checks. This article covers how it works and how it evades detection.

Posted 15 March, 26

Research on ZigBee Security, Interference and SDR-Based Attacks

English, DutchResearch on ZigBee security, interference and SDR attacks using HackRF and GNU Radio in smart home environments.

Posted 13 August, 25

A deep dive into Microsoft Warbird: MS's kernel-mode dynamic packer.

English, DutchMicrosoft Warbird is a kernel-mode dynamic packer that works even in an HVCI-protected kernel. In this blog post, we will reverse engineer and analyze its inner workings.

Posted 14 October, 25

The Most Dangerous Application Security Vulnerabilities of 2024

English, DutchUnderstanding application security vulnerabilities is the first step in protecting applications from compromise. Here are the top app security risks, plus real-world examples.

Posted 10 February, 25

IoT Firmware, what is it and how does it help you hack a router?

English, DutchThis article explores the process of extracting and analyzing firmware from IoT devices, particularly wireless routers.

Posted 11 February, 25

Enhancing Vulnerability Management under NIS2 through Coordinated Vulnerability Disclosure (Part 2)

English, DutchImplementing coordinated vulnerability disclosure (CVD) programs is critical to NIS2 compliance. Learn strategies to strengthen your cybersecurity efforts here.

Posted 06 October, 24

How to Prepare for the EU NIS2 Directive (Part 1)

English, DutchAs cyberattacks grow, the EU’s NIS2 directive builds on NIS1 to provide more rigorous cybersecurity measures. Learn how to ensure NIS2 compliance with WebSec.

Posted 17 July, 24

Need Security?

Are you really sure your organization is secure?

At WebSec we help you answer this question by performing advanced security assessments.

Want to know more? Schedule a call with one of our experts.

Schedule a call

Websec / Blog Securing Today. Tomorrow could be too late.