Explore all published articles.
8 posts
Published May 9, 2026
A logic error in Android's ADB daemon lets an adjacent-network attacker bypass mutual TLS authentication and open a remote shell on any unpatched Android 14–16 device, no user interaction required.
Published May 9, 2026
A double-free vulnerability in Apache HTTP Server 2.4.66's mod_http2 module (CVSS 8.8) allows unauthenticated attackers to crash worker processes with just two HTTP/2 frames, and escalate to full RCE.
Published May 8, 2026
A critical unauthenticated buffer overflow in the PAN-OS User-ID Authentication Portal is being actively exploited in the wild. CVSS 4.0 score of 9.3. Here's what you need to know.
Published May 2, 2026
A look at the critical cPanel & WHM authentication bypass. What happened, who was affected, and what you need to do right now.
Published May 1, 2026
A logic flaw in the Linux kernel's cryptographic subsystem has been hiding since 2017, and it hands root access to any unprivileged user in 732 bytes of Python.
Published March 11, 2026
An introduction to the Xentrika blog where we share insights on cybersecurity, penetration testing, and digital security.
Published March 10, 2026
A clear breakdown of what penetration testing is, the phases involved, and why every organization should treat it as a core part of their security strategy.
Published March 8, 2026
A practical guide to the most frequently exploited web application vulnerabilities, including how attackers discover them and the steps developers can take to prevent them.