From iframes and file reads to full RCE. 🔥 We found an HTML-to-PDF API allowing file reads and SSRF - then chained it into remote code execution via a Chromium 62 WebView exploit. 👉 Read the full write-up here: neodyme.io/en/blog/html_r…

Day 2 at offensivecon has just started and our colleagues Kolja Grassmann and Alain Rödel are right in the middle of it! 🔥 Can't wait to hear the insights they bring back from some of the sharpest minds in offensive security. If you're there too, make sure to say hi!

At #Pwn2Own Ireland 2024, we successfully targeted the SOHO Smashup category. 🖨️ Starting with a QNAP QHora-322 NAS, we pivoted to the Canon imageCLASS MF656Cdw - and ended up with shellcode execution. Read the full vulnerability deep dive here 👉 neodyme.io/en/blog/pwn2ow…

Once again this year, a few colleagues couldn’t resist jumping into the HTB CTF to take on experts from around the world. 💻 A great challenge with a wide range of categories. The result: 1st place in 🇩🇪 and top 3 in 🇪🇺.

Part 3 of our Riverguard series is out! We're looking under the hood at the "fuzzcases" Riverguard uses to catch real-world bugs in Solana smart contracts. Still shocked how often some of these pop up. Check it out 👉 neodyme.io/en/blog/riverg…

🏆 Throwback to Pwn2Own Toronto 2022: "Routers are just Linux boxes with antennas." So we treated one like it. At #Pwn2Own 2022, we turned a Netgear RAX30 into a stepping stone for a full LAN pivot. Story: neodyme.io/en/blog/pwn2ow…

We're thrilled that Nachwuchsförderung IT-Sicherheit is organizing the Deutsche Hacking Meisterschaft 2025! 🇩🇪🧠 It's a fantastic event for the next generation of cybersecurity minds, we can't wait to see what they bring to the challenge! 💙

Cybersecurity needs more than tech, it needs people who care. ❤️ That's why Neodyme is committed to supporting Nachwuchsförderung IT-Sicherheit e.V. not just financially, but with time, energy, and heart from our team.

Meet our colleagues at the "Festival der Zukunft" at Deutsches Museum in Munich. Don't miss our talk on July 3 at 4pm! Check it out here: 1e9.community/festival-der-z…

Think your speech model is secure? It might be quietly leaking what it was trained on. In a new blog post, we explain membership inference attacks and why they matter for cyber security experts. 🔗 neodyme.io/en/blog/member…

🎤At 4pm today at the "Festival der Zukunft", our colleagues dive into: "Black Hat, White Hat, Cyberwar - Modern Attacks and Defense" From hacking-as-a-service to cyberwarfare, discover how attacks are evolving and what it means for digital defense. 🕵️‍♀️ Don't miss it!

🔧✨ On our company retreat this week, we're diving into hardware and protocol hacking: fingerprint sensors, smart locks, drones and Bluetooth speakers. A great mix of hands-on research, creative exploration, and team bonding over board games!🎲

We reported a vulnerability in Parallels Client via Trend Zero Day Initiative last year. 🔥 The issue (CVE-2025-6812) - now fixed: A privileged service searched for an OpenSSL config file in an unsecured location, enabling LPE. ➡️ Advisory here: neodyme.io/en/advisories/… ☂️ Patch your systems!

Back from Black Hat & DEF CON! 🎉 Our colleagues delivered insightful trainings on crypto hacking and binary exploitation and got amazing feedback from the crowd 🙌 Missed it? We offer tailored security trainings for companies too. Just reach out.