Season Recap — 2026 (December → February)

Hey everyone ,

This last season has been packed. Across SecDim, we shipped new challenges, published deep-dive write-ups, expanded into cloud security challenges, achieved a major compliance milestone, and showed up at security events around the world.

Here’s everything we rolled out over the past three months.

Holiday 7x7 Wargame

Firstly, our annual Holiday 7x7 Wargame was once again in full swing.

It came down to an intense competition in the final weeks, but ultimately the crown for the 2025 edition of the Wargame was claimed by @Kabir Kabir Acharya

Trending Incidents & Technical Write-ups

At SecDim, our focus remains grounded in real-world security incidents. This season we translated recent vulnerabilities into both playable challenges and in-depth technical analysis.

Trending Incidents:

• Shai Hulud
• React2Shell
• MongoBleed

Write-ups Published:

• CVE-2025-46417: Bypassing AI Model Scanners and Exfiltrate Sensitive Data
• Three Secure Coding Lessons from A Log Injection Bug in Django
• LangChain load() is basically eval()

Each write-up breaks down root cause, exploitation mechanics, and defensive takeaways that bridge the gap between vulnerability disclosure and secure coding practice.

New Challenges

We expanded the challenge catalogue significantly across multiple stacks and cloud providers.

PHP Challenges

• Steam.php

• Capital0.php

• Command Injection.php

Java Challenges

• OAuth.java

Incident Response Challenges

• React2Shell.ir

• Shai Hulud.ir

C++ Challenges

• Mongobleed.cpp

C# Challenges

• OAuth.cs

Azure Challenges

• Disallow CORS.azure

• Data Explorer Disk Encryption.azure

• CosmosDB Access Key.azure

• Blob Container Private.azure

• Cluster Protection Level.azure

• Key Expiration.azure

• Cosmosdb CMK.azure

• Instance Extensions.azure

• Congnitive Public Network.azure

• Automation Encrypted.azure

GCP Challenges

• VPC.gcp

• Cloud SQL.gcp

• Big Table.gcp

• Cloud Logging.gcp

• Cloud Monitoring.gcp

SOC2 Compliance

We’re proud to announce that SecDim is now SOC 2 compliant.

Security has always been core to how we build. This milestone formally validates what has always been true about SecDim: security is not an add-on or a marketing layer. It is foundational to how we design, build, and operate our platform.

This is not a new direction for us, it’s a formal recognition of how we’ve always operated.

Events - Where We’ve Been (and Where We’re Going)

We have been over and around. If you are attending any of our upcoming events, come say Hi

Upcoming:
NDC Oslo :
RSA SanFran
INCYBER Forum
Black hat Asia
NDC Sydney
DevWorld 2026
GISEC 2026

Past:
BSides London
NDC Manchester: Security & AI
BlackHat EU London

Up Next? Here’s a Sneak Peak!

• Expanded GCP challenges
• A brand-new Firmware security scenario of challenges
• Dedicated AWS challenges
• More and deeper AI security challenges
• XXE Injection scenarios

TL;DR

• Holiday 7x7 Wargame concluded

• New real-world incident challenges released

• Major cloud security challenges expansion (Azure & GCP)

• SOC 2 compliance achieved

• Global conference presence continues

• Firmware, AWS, and more AI challenges coming next

Thanks to everyone building, patching, competing, and contributing.

Happy Patching