nefariousplan.com

nefariousplan.com https://nefariousplan.com Security research by Kevlar en-us <![CDATA[RedSun: How Windows Defender's Remediation Became a SYSTEM File Write]]> https://nefariousplan.com/posts/redsun-windows-defender-system-write https://nefariousplan.com/posts/redsun-windows-defender-system-write Thu, 16 Apr 2026 00:00:00 GMT <![CDATA[The Trust Inversion]]> https://nefariousplan.com/posts/the-trust-inversion https://nefariousplan.com/posts/the-trust-inversion Thu, 16 Apr 2026 00:00:00 GMT <![CDATA[SAP NetWeaver CVE-2025-31324: When CVSS 10.0 Means What It Says]]> https://nefariousplan.com/posts/sap-netweaver-cvss-10-upload-to-webroot https://nefariousplan.com/posts/sap-netweaver-cvss-10-upload-to-webroot Sat, 11 Apr 2026 00:00:00 GMT <![CDATA[Axios, Sapphire Sleet, and 70 Million Weekly Installs]]> https://nefariousplan.com/posts/axios-sapphire-sleet-70-million-installs https://nefariousplan.com/posts/axios-sapphire-sleet-70-million-installs Wed, 01 Apr 2026 00:00:00 GMT <![CDATA[TeamPCP Came for the Scanners]]> https://nefariousplan.com/posts/teampcp-they-came-for-the-scanners https://nefariousplan.com/posts/teampcp-they-came-for-the-scanners Mon, 30 Mar 2026 00:00:00 GMT <![CDATA[Oracle Cloud: The Breach They Technically Didn't Deny]]> https://nefariousplan.com/posts/oracle-cloud-the-breach-they-technically-didnt-deny https://nefariousplan.com/posts/oracle-cloud-the-breach-they-technically-didnt-deny Thu, 26 Mar 2026 00:00:00 GMT <![CDATA[Prompt Injection Is a Supply Chain Attack]]> https://nefariousplan.com/posts/prompt-injection-is-a-supply-chain-attack https://nefariousplan.com/posts/prompt-injection-is-a-supply-chain-attack Wed, 18 Feb 2026 00:00:00 GMT <![CDATA[MCP Servers: The New npm Left-Pad]]> https://nefariousplan.com/posts/mcp-servers-the-new-npm-left-pad https://nefariousplan.com/posts/mcp-servers-the-new-npm-left-pad Wed, 28 Jan 2026 00:00:00 GMT <![CDATA[Shai-Hulud: The First npm Worm]]> https://nefariousplan.com/posts/shai-hulud-the-npm-worm https://nefariousplan.com/posts/shai-hulud-the-npm-worm Mon, 15 Sep 2025 00:00:00 GMT <![CDATA[xrpl.js: The Official Package Was the Threat]]> https://nefariousplan.com/posts/xrpl-npm-the-official-package-was-the-threat https://nefariousplan.com/posts/xrpl-npm-the-official-package-was-the-threat Fri, 25 Apr 2025 00:00:00 GMT <![CDATA[CLFS: Ransomware's Favorite Kernel Driver]]> https://nefariousplan.com/posts/clfs-ransomwares-favorite-kernel-driver https://nefariousplan.com/posts/clfs-ransomwares-favorite-kernel-driver Thu, 24 Apr 2025 00:00:00 GMT <![CDATA[CrushFTP CVE-2025-31161: MFT Is the Target Now]]> https://nefariousplan.com/posts/crushftp-pre-auth-mft-is-the-target https://nefariousplan.com/posts/crushftp-pre-auth-mft-is-the-target Sat, 29 Mar 2025 00:00:00 GMT <![CDATA[tj-actions: Mutable Tags Were Always a Lie]]> https://nefariousplan.com/posts/tj-actions-mutable-tags-were-always-a-lie https://nefariousplan.com/posts/tj-actions-mutable-tags-were-always-a-lie Sat, 15 Mar 2025 00:00:00 GMT <![CDATA[Bybit: $1.5B via a JavaScript Injection Nobody Was Looking For]]> https://nefariousplan.com/posts/bybit-safe-ui-poisoning-fifteen-hundred-million https://nefariousplan.com/posts/bybit-safe-ui-poisoning-fifteen-hundred-million Sun, 23 Feb 2025 00:00:00 GMT <![CDATA[Ivanti: The Vulnerability Subscription]]> https://nefariousplan.com/posts/ivanti-the-vulnerability-subscription https://nefariousplan.com/posts/ivanti-the-vulnerability-subscription Fri, 17 Jan 2025 00:00:00 GMT