Better patch your Veeam Backup & Replication servers! Full system takeover via CVE-2024-40711, discovered by our very own frycos - no technical details from us this time because this might instantly be abused by ransomware gangs code-white.com/public-vulnera…

Think your #kubernetes or #kubelet API is secured with auth? Think again if you expose #tekton for which our crewmember flomb - @fl0mb.bsky.social has some nice writeup regarding RCE & proxy risks.

If you liked our previous challenges, you'll love this one. Or dispair of it. Maybe both 😜

Using Telerik Reporting or Report Server? Patch now to fix 3 RCEs Markus Wulftange found (CVE-2024-8015, CVE-2024-8014, CVE-2024-8048). Telerik vulns have a history of being exploited by threat actors according to CISA Cyber Details at code-white.com/public-vulnera…

Congrats, well deserved 💪

Ever wondered how Kurts Maultaschenfabrikle got hacked in 2023? The full story, all technical details, out now ;-) apply-if-you-can.com/walkthrough/20…

Our crew members Markus Wulftange & frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following SinSinology & Piotr Bazydło's blog. Don’t blacklist, replace BinaryFormatter.

blog.flomb.net/posts/ingressn…

Highly relevant writeup if you're still using #Ivanti #DSM in your corporate environment!

We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by Khoa Dinh to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to Markus Wulftange

A completely NewRemotingTrick by Markus Wulftange

We always love a good challenge. That’s why we’re sponsoring the 10th FAUST CTF. Game on at 2025.faustctf.net

Ten days left. The warm-up fades. Maultaschen were soft. Bean Beats were dark and burnt. But the beats of #ULMageddon will be brutal! #applyIfYouCan

CODE WHITE proudly presents #ULMageddon which is our newest applicants challenge at apply-if-you-can.com packaged as a metal festival. Have fun 🤘 and #applyIfYouCan

Tired of dull, standard interviews? Talk to Kurt. Also, a few of my colleagues and I will be attending BruCON next week. Feel free to come and talk to us.

Latest ≠ Greatest? A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS from our very own Markus Wulftange who loves converting n-days to 0-days code-white.com/blog/wsus-cve-…

Just sayin‘ 🤷

Our 2024 applicants challenge is officially #roasted: the full BeanBeat × Maultaschenfabrikle walkthrough is now online. Unwrap the write-up at apply-if-you-can.com/walkthrough/20… and revisit the hacks that escalated from cold brew to full breach.

You like technical deep dives into binary exploitation and crazy heap wizardry? Then you'll like our blog post by 0xor_solo about unauth'ed RCE in NetSupport Manager aka CVE-2025-34164 & CVE-2025-34165 code-white.com/blog/2026-01-n…

Highly recommend the writeup from our flomb - @fl0mb.bsky.social and congrats on this well-deserved achievement!