04/06/2025 Progress Telerik UI Unsafe Deserialization In November 2024, a critical remote code execution (RCE) vulnerability was disclosed in Progress Telerik UI for WinForms, registered as...
15/05/2025 NIST - Guidelines for API Protection for Cloud-Native Systems In March 2025 the National Institute of Standards and Technology (NIST) released a...
29/03/2025 LLM to RCE using "broken pickles" In February 2025, researchers from Reverse Engineering Labs uncovered malicious ML models hosted on Hugging Face. These models exploited ‘broken’...
18/03/2025 LLM security is broken, here is the data It became apparent to me that there are fundamental security problems with LLMs, which make them very difficult to secure....
03/03/2025 What is wrong with Escaping or Input Sanitization The earliest documented instance of a Path Traversal vulnerability is the Windows 95 “Dot Dot” bug, which goes back to October 1995....
12/12/2024 OWASP Mobile Top 10 Secure Coding Challenges Please find below a list of secure coding challenges for OWASP Mobile Top 10. The goal in each challenge is...
26/09/2024 The Need For Tailored Secure Code Training - Aligning with NIST Cybersecurity and Privacy Learning Program The National Institute of Standards and Technology (NIST) has recently published a Special Publication: 800-50r1, "Building a Cybersecurity and Privacy...
20/09/2024 How to Get a Free Ticket to Black Hat Conference Black Hat is the top global security conference, held annually in the USA, Canada, Europe, Asia, and the Middle East....
23/08/2024 OWASP TOP 10 Secure Coding Challenges Please find below the curated list of secure coding challenges covering OWASP Top 10 security classes. The goal in each...