Blog

Research articles and blog posts from SecDim

15/01/2026

Three Secure Coding Lessons from A Log Injection Bug in Django

In June 2025, a vulnerability (CVE-2025-48432) was discovered in Django that allowed remote adversaries to tamper with log output by...

24/10/2025

CVE-2025-46417: Bypassing AI Model Scanners and Exfiltrate Sensitive Data

In April 2025, we disclosed a high risk vulnerability in picklescan. The vulnerability, tracked as CVE-2025-46417. It allows attackers to...

04/09/2025

AI and Secure Code Learning: An Empirical Analysis of 420 AI-Generated Security Fixes

A research study comparing click-on (instant lookup) vs key-in (manual typing) digital dictionaries found that easier look up methods reduced...

23/07/2025

CVE-2025-29927 - Next.js Vulnerability

Overview In March 2025, security researchers Rachid Allam and Yasser Allam publicly disclosed a critical vulnerability identified as CVE-2025-29927, affecting...

12/07/2025

Summary of Hacking LLM Workshop at Code Europe 2025

I hosted a workshop on Hacking LLMs at Code Europe 2025, where participants were tasked with two labs: Supply chain...

09/07/2025

2022 Optus Data Breach Incident

Incident Analysis: 2022 Optus Data Breach Overview In September 2022, Optus, Australia’s third-largest telecommunications provider, suffered a significant data breach,...

04/06/2025

Progress Telerik UI Unsafe Deserialization

In November 2024, a critical remote code execution (RCE) vulnerability was disclosed in Progress Telerik UI for WinForms, registered as...

15/05/2025

NIST - Guidelines for API Protection for Cloud-Native Systems

Guidelines for API Protection for Cloud-Native Systems In March 2025 the National Institute of Standards and Technology (NIST) released a...

29/03/2025

LLM to RCE using "broken pickles"

In February 2025, researchers from Reverse Engineering Labs uncovered malicious ML models hosted on Hugging Face. These models exploited ‘broken’...