Research, threat reports, and field notes from a Swiss security studio.
Written by the team behind Sentinel, Hacked, and Academy. Vulnerability analysis, attack walkthroughs, and the work we do to keep small companies harder to break into.
301 D-Link Cameras Wide Open in Switzerland
We looked for the new D-Link Mirai router bug in Swiss IP space. Found zero. Then we found 301 D-Link cameras leaking video, MAC, and LAN topology.
1'370 SharePoint Servers Still Open a Week After the Patch
Shadowserver counts 1'370 SharePoint servers exposed and unpatched against CVE-2026-32201. Fewer than 200 got patched after release. Attacks continue.
We Measured 1'448 Swiss NetScalers for CitrixBleed 3
Passive measurement of Swiss Citrix NetScaler exposure to CVE-2026-3055. 57 hosts still on pre-patch builds, a new fingerprinting signal, and one very ambitious honeypot.
How an AI Tool Got Vercel Breached
On April 19, Vercel confirmed a breach traced to Context.ai, a third-party AI tool with broad OAuth scopes. The supply chain blind spot is universal.
Adobe Acrobat Zero-Day Was Live for Five Months
CVE-2026-34621 is a prototype pollution zero-day in Adobe Acrobat Reader, exploited in the wild since November 2025 via invoice and legal PDF lures.
Inside APT28's MikroTik DNS Hijacking Campaign
APT28 hijacked 18,000 routers to steal Microsoft 365 logins. How FrostArmada worked, why MikroTik keeps getting hit, and how to check your own.
Two HTTP Requests to Full Nginx Takeover
CVE-2026-33032 is a CVSS 9.8 auth bypass in nginx-ui. One unprotected MCP endpoint lets attackers rewrite nginx configs and take over the server.
A Security Vendor Got Owned by SQL Injection
CVE-2026-21643 is an unauthenticated SQL injection in FortiClient EMS 7.4.4. A Python f-string gave attackers access to every managed endpoint.
Is Port 3389 (RDP) Safe to Have Open?
Port 3389 is the default for Remote Desktop. Over 4 million instances sit exposed on the internet. Here is why that is a problem and what to do about it.
How to Scan Your Home Network for Vulnerabilities
Your home IP is being probed by bots every hour. Here is how to find out what is exposed and how to fix it, step by step.
Endolum Sentinel vs Shodan: Which One Should You Use?
Shodan shows you what is exposed. Sentinel tells you what to fix. Here is how they compare and when to use each one.
CVE-2026-20841: Notepad Markdown RCE Explained
Technical analysis of the Windows Notepad RCE vulnerability, attack vectors, detection strategies, and IOCs for defenders.
0APT: The Fastest Ransomware Crew of 2026
71 victims in 48 hours. A deep dive into the new RaaS syndicate, their TTPs, and actionable detection guidance.
Infostealer Malware: How Your Credentials End Up For Sale
Infostealers harvest browser passwords, session tokens, and crypto wallets. Here is how they work, what they target, and how to detect them.
SQL Injection Still Works in 2026
It has been over two decades since SQL injection was first documented. Companies still get breached by it. Here is how it works and how to actually prevent it.
Notepad++ Supply Chain Attack: Chrysalis Backdoor
Chinese APT compromised Notepad++ update infrastructure to deliver a sophisticated backdoor to targeted victims. Full technical breakdown with IOCs.
Threat Landscape: Swiss Financial Sector in 2026
Switzerland's banks and fintech companies face a specific set of threats. From APT groups to regulatory pressure, here is what security teams should watch.
Moltbook Hacked in 3 Minutes: Vibe-Coding vs Security
The AI social network exposed 1.5 million API keys because of two missing SQL statements. A breakdown of what went wrong and how to avoid it.
Ransomware in 2026: What Changed and What Stayed Broken
The ransomware ecosystem evolved again. Double extortion is old news. Here is what groups are doing now and why your backups alone will not save you.
Welcome to the Endolum blog
We are opening a public space for the research, walkthroughs, and field notes that come out of running Sentinel and Hacked. This is what to expect.