https://endolum.io/blog/ Cybersecurity research, threat intelligence, and tutorials from Endolum, a Swiss security studio. en Endolum GmbH Wed, 13 May 2026 15:40:04 GMT https://endolum.io/blog/cve-2026-23918-apache-http2-double-free/ https://endolum.io/blog/cve-2026-23918-apache-http2-double-free/ Tue, 05 May 2026 00:00:00 GMT CVE-2026-23918 is a double free in Apache 2.4.66 mod_http2. An HTTP/2 early reset can trigger remote code execution. Apache 2.4.67 ships the fix. Endolum Academy cve apache rce threat-intel https://endolum.io/blog/swiss-apache-cve-2026-23918-exposure/ https://endolum.io/blog/swiss-apache-cve-2026-23918-exposure/ Tue, 05 May 2026 00:00:00 GMT 7'141 Swiss servers run Apache 2.4.66 the day after CVE-2026-23918. Only 14.8% have HTTP/2 enabled, the actual exploit gate. Inside our 749 host probe. Endolum Academy cve apache threat-intel switzerland https://endolum.io/blog/swiss-dlink-camera-exposure-2026/ https://endolum.io/blog/swiss-dlink-camera-exposure-2026/ Wed, 29 Apr 2026 00:00:00 GMT We looked for the new D-Link Mirai router bug in Swiss IP space. Found zero. Then we found 301 D-Link cameras leaking video, MAC, and LAN topology. Endolum Academy threat-intel vulnerability-scanning network-security https://endolum.io/blog/sharepoint-1370-unpatched-ongoing-attacks/ https://endolum.io/blog/sharepoint-1370-unpatched-ongoing-attacks/ Wed, 22 Apr 2026 00:00:00 GMT Shadowserver counts 1'370 SharePoint servers exposed and unpatched against CVE-2026-32201. Fewer than 200 got patched after release. Attacks continue. Endolum Academy cve threat-intel microsoft https://endolum.io/blog/swiss-netscaler-citrixbleed-3-exposure/ https://endolum.io/blog/swiss-netscaler-citrixbleed-3-exposure/ Mon, 20 Apr 2026 00:00:00 GMT Passive measurement of Swiss Citrix NetScaler exposure to CVE-2026-3055. 57 hosts still on pre patch builds, a new fingerprinting signal, and one very ambitious honeypot. Endolum Academy threat-intel vulnerability-scanning network-security https://endolum.io/blog/vercel-context-ai-breach/ https://endolum.io/blog/vercel-context-ai-breach/ Mon, 20 Apr 2026 00:00:00 GMT On April 19, Vercel confirmed a breach traced to Context.ai, a third-party AI tool with broad OAuth scopes. The supply chain blind spot is universal. Endolum Academy threat-intel supply-chain incident-analysis https://endolum.io/blog/cve-2026-34621-adobe-acrobat/ https://endolum.io/blog/cve-2026-34621-adobe-acrobat/ Sat, 18 Apr 2026 00:00:00 GMT CVE-2026-34621 is a prototype pollution zero-day in Adobe Acrobat Reader, exploited in the wild since November 2025 via invoice and legal PDF lures. Endolum Academy cve threat-intel https://endolum.io/blog/apt28-mikrotik-dns-hijacking/ https://endolum.io/blog/apt28-mikrotik-dns-hijacking/ Sat, 18 Apr 2026 00:00:00 GMT APT28 hijacked 18,000 routers to steal Microsoft 365 logins. How FrostArmada worked, why MikroTik keeps getting hit, and how to check your own. Endolum Academy threat-intel network-security apt https://endolum.io/blog/cve-2026-33032-nginx-ui/ https://endolum.io/blog/cve-2026-33032-nginx-ui/ Thu, 16 Apr 2026 00:00:00 GMT CVE-2026-33032 is a CVSS 9.8 auth bypass in nginx-ui. One unprotected MCP endpoint lets attackers rewrite nginx configs and take over the server. Endolum Academy cve web-security threat-intel https://endolum.io/blog/forticlient-ems-sql-injection/ https://endolum.io/blog/forticlient-ems-sql-injection/ Wed, 15 Apr 2026 00:00:00 GMT CVE-2026-21643 is an unauthenticated SQL injection in FortiClient EMS 7.4.4. A Python f-string gave attackers access to every managed endpoint. Endolum Academy threat-intel web-security sql-injection https://endolum.io/blog/port-3389-rdp-security/ https://endolum.io/blog/port-3389-rdp-security/ Mon, 13 Apr 2026 00:00:00 GMT Port 3389 is the default for Remote Desktop. Over 4 million instances sit exposed on the internet. Here is why that is a problem and what to do about it. Endolum Academy network-security tutorial vulnerability-scanning https://endolum.io/blog/scan-your-home-network/ https://endolum.io/blog/scan-your-home-network/ Mon, 30 Mar 2026 00:00:00 GMT Your home IP is being probed by bots every hour. Here is how to find out what is exposed and how to fix it, step by step. Endolum Academy tutorial network-security home-network https://endolum.io/blog/sentinel-vs-shodan/ https://endolum.io/blog/sentinel-vs-shodan/ Mon, 30 Mar 2026 00:00:00 GMT Shodan shows you what is exposed. Sentinel tells you what to fix. Here is how they compare and when to use each one. Endolum Academy comparison vulnerability-scanning shodan https://endolum.io/blog/cve-2026-20841-notepad-markdown-rce/ https://endolum.io/blog/cve-2026-20841-notepad-markdown-rce/ Thu, 12 Feb 2026 00:00:00 GMT Technical analysis of the Windows Notepad RCE vulnerability, attack vectors, detection strategies, and IOCs for defenders. Endolum Academy cve windows rce threat-intel detection https://endolum.io/blog/0apt-ransomware-fastest-crew-2026/ https://endolum.io/blog/0apt-ransomware-fastest-crew-2026/ Tue, 10 Feb 2026 00:00:00 GMT 71 victims in 48 hours. A deep dive into the new RaaS syndicate, their TTPs, and actionable detection guidance. Endolum Academy ransomware threat-intel detection iocs https://endolum.io/blog/infostealer-malware-breakdown/ https://endolum.io/blog/infostealer-malware-breakdown/ Thu, 05 Feb 2026 00:00:00 GMT Infostealers harvest browser passwords, session tokens, and crypto wallets. Here is how they work, what they target, and how to detect them. Endolum Academy malware threat-intel infostealers https://endolum.io/blog/sql-injection-still-works/ https://endolum.io/blog/sql-injection-still-works/ Wed, 04 Feb 2026 00:00:00 GMT It has been over two decades since SQL injection was first documented. Companies still get breached by it. Here is how it works and how to actually prevent it. Endolum Academy tutorial web-security sql-injection https://endolum.io/blog/notepad-plus-plus-supply-chain-chrysalis/ https://endolum.io/blog/notepad-plus-plus-supply-chain-chrysalis/ Tue, 03 Feb 2026 00:00:00 GMT Chinese APT compromised Notepad++ update infrastructure to deliver a sophisticated backdoor to targeted victims. Full technical breakdown with IOCs. Endolum Academy threat-intel supply-chain malware APT https://endolum.io/blog/threats-swiss-financial-sector/ https://endolum.io/blog/threats-swiss-financial-sector/ Tue, 03 Feb 2026 00:00:00 GMT Switzerland's banks and fintech companies face a specific set of threats. From APT groups to regulatory pressure, here is what security teams should watch. Endolum Academy threat-intel finance switzerland https://endolum.io/blog/moltbook-hack-vibe-coding-security/ https://endolum.io/blog/moltbook-hack-vibe-coding-security/ Mon, 02 Feb 2026 00:00:00 GMT The AI social network exposed 1.5 million API keys because of two missing SQL statements. A breakdown of what went wrong and how to avoid it. Endolum Academy security incident-analysis supabase web-security https://endolum.io/blog/ransomware-landscape-2026/ https://endolum.io/blog/ransomware-landscape-2026/ Mon, 02 Feb 2026 00:00:00 GMT The ransomware ecosystem evolved again. Double extortion is old news. Here is what groups are doing now and why your backups alone will not save you. Endolum Academy threat-intel ransomware malware https://endolum.io/blog/welcome/ https://endolum.io/blog/welcome/ Mon, 02 Feb 2026 00:00:00 GMT We are opening a public space for the research, walkthroughs, and field notes that come out of running Sentinel and Hacked. This is what to expect. Endolum announcement