Stop Hunting Bugs & Start Hunting Chains (Part 2: POC)
Now let’s move to the interesting part! Inspired by the Ni8mare Chain, we will see a four-stage exploit path inside a deliberately flawed Python platform CRAC. The chain combines: · Content-type confusion · Direct database disclosure · Weak cryptographic identity · Command injection Homepage Authentication Bypass (CVE-2026-21858) - Understanding the Vulnerability The Concept: - Server checks authentication in one way (cookies/headers) - Server pars

Om Mishra
Apr 8 · 5 min read


Smart Home Security Research - CVE-2025-14300 Assigned
The CRAC Learning team is back with another CVE as part of the Smart Home Security Research Program. An unauthenticated configuration issue in the connectAP API of the TP-Link Tapo C100 v5 IP camera. The bug allows a local attacker on the same network segment to submit unauthorized Wi-Fi reconfiguration requests to the device, forcing the camera to connect to an attacker-controlled network and causing service denial, stream loss, and a broader confidentiality impact. TP-Link

CRAC Learning
Apr 7 · 2 min read
CVE-2026-32169: Azure Cloud Shell Server-Side Request Forgery (SSRF) Vulnerability
CVSS: 10.0 (Critical) Software Affected: Microsoft Azure Cloud Shell Vulnerable Versions: Azure Cloud Shell service (specific versions not publicly listed; cloud service vulnerability) Fixed Versions: Vendor-side mitigation applied by Microsoft (service-level patching expected) Environments Impacted: Cloud environments using Azure Cloud Shell DevOps and cloud administration environments Enterprise Azure infrastructure management workflows Systems relying on browser-based c

CRAC Learning
Mar 27 · 2 min read
![Top CRITICAL CVEs [9th March to 15th March, 2026]](https://static.wixstatic.com/media/fff29d_b4bb12f49e7647a284f2fd8462080ed6~mv2.jpg/v1/fill/w_454,h_341,fp_0.50_0.50,q_90,enc_avif,quality_auto/fff29d_b4bb12f49e7647a284f2fd8462080ed6~mv2.webp)
Top CRITICAL CVEs [9th March to 15th March, 2026]
CVE-2026-28292 : simple-git Remote Code Execution Vulnerability CVSS: 9.8 Critical Affected Versions Software Affected: simple-git (Node.js Git wrapper library) Vulnerable Versions: simple-git 3.15.0 – 3.32.2 Fixed Versions: simple-git 3.32.3 or later Environments Impacted: Node.js applications using the simple-git library Backend services performing Git operations programmatically CI/CD automation tools using simple-git Cloud applications handling repository operations w

CRAC Learning
Mar 18 · 5 min read


Stop Hunting Bugs & Start Hunting Chains (based on Ni8mare)
This blog explores vulnerability chaining using an n8n Ni8mare-inspired attack path to demonstrate how seemingly harmless weaknesses can compound into something catastrophic. Let’s start with a hard truth. Most security programs are optimized for counting bugs, not understanding compromise. We rank vulnerabilities by CVSS. We prioritize the red ones & close tickets. We feel productive, but attackers don’t think in scores. They think in sequences. They don’t ask Is this bug cr

Om Mishra
Mar 6 · 4 min read


CRAC Insights — 9th Feb — 16th Feb
Stay ahead of the curve with the latest from the CRAC Insights Newsletter! From critical zero-days to major infrastructure breaches, here is your quick briefing on the cybersecurity landscape: TOP 3 CVES CVE-2026-21531: Microsoft Azure SDK Remote Code Execution CVSS: 9.8 (Critical) Affected Versions Microsoft Azure SDK components (vulnerable builds prior to the February 2026 security updates; organizations using unpatched SDK integrations are at risk). Description A critical

CRAC Learning
Feb 17 · 5 min read


Smart Home Security Research — CVE-2026-0918 Assigned
From having online meetings to getting real CVEs, the CRAC Learning team did it all! We discovered a Denial-of-Service vulnerability in the HTTP service of the TP-Link Tapo C100 v5 IP camera. Sending a POST request with an excessively large Content-Length header causes the main HTTP process to crash, freezing video and audio streams and forcing a restart. TP-Link acknowledged and published a fix; the issue was assigned CVE-2026-0918 and a High score (CVSS v4.0 7.1). Tapo came

Azim Javed
Feb 11 · 2 min read


Smart Security Research Diaries: Attacking the Internet of Things
Before reading this part, go over our previous blog - https://www.crac-learning.com/post/smart-security-research-diaries-defending-the-internet-of-things Then I started the Phase-1 of Smart Home Security Research Program by CRAC Learning with great enthusiasm & aspirations to find real vulnerabilities, not just solving TryHackMe labs. When I found that I'll be attacking the TP-Link Tapo C100 IP Camera, the first thing I did was Threat Modelling. I dived deep into gathering pa

Azim Javed
Feb 10 · 4 min read


Data Leaks: The Cyber Risk Most People Don’t Realize Is Already Affecting Them
When people hear the word cybersecurity, most assume it’s about big companies, hackers in dark rooms, or banks losing crores. The common reaction is simple: “This doesn’t concern me. I’m just a normal person.” That belief is exactly why data leaks are one of the most dangerous cyber risks today. Not because they are complex. Not because they are rare. But because most people don’t even realize they are victims. The Biggest Misunderstanding: “Data Leaks Affect Companies, No

Om Mishra
Feb 9 · 4 min read


Smart Security Research Diaries: Defending the Internet of Things.
18th of January, 2026 - The day started with some network troubleshooting and system administration as we forgot to bring our Wi-Fi router that was earlier acting as a gateway. But yeah, after scratching our heads we were finally able to use one of our laptops as the gateway, which really helped us capture all the data frames via Wireshark. Today, our main goal was to get Remote Code Execution on our target. Last time we found a Buffer-Overflow based Denial-of-Service vulnera

Azim Javed
Jan 25 · 3 min read


AI Cyberattacks in India: The New-Age Hackers We’re Not Ready For

Om Mishra
Dec 15, 2025 · 11 min read


Hack-to-Trade: A Concern for executives
In the past, a few hackers gained access to insider information that netted them millions of dollars. UK national Robert B. Westbrook successfully compromised a CFO's Outlook account and added an auto-forward rule in the mailbox to redirect all emails to a disposable temporary email address. He hid his traces under multiple layers of VPN channels and transacted through untraceable accounts and bitcoin, but still couldn't escape the investigating agencies. Westbrook's scheme ne

CRAC Learning
Dec 7, 2025 · 2 min read


Maritime History Rewritten: First Vessels Delivered with Cybersecurity Notations
Cyber-Resilient Ship In an era where ships are as connected as cities, the sea is no longer a sanctuary from cyber threats. Vard which is...

CRAC Learning
Jun 4, 2025 · 2 min read


Everest Group - What Happens When Your HR System Becomes Your Weakest Link?
Everest Group is an old name in cyber extortion, and now it is rewriting the rulebook for modern cybercrime. It has come into the spotlight...

CRAC Learning
Jun 2, 2025 · 2 min read


The Ethics of Hacking Back: Defense or Revenge?
In an age where cyberattacks are becoming more complex and widespread, governments and organizations are constantly faced with the choice...

CRAC Learning
Apr 23, 2025 · 2 min read


Decoding the Latest Government Cybersecurity Policies
Technology has become an integral part of our lives and the importance of cybersecurity in today's day and age cannot be overemphasized....
Bhavgun Kaur
Mar 31, 2025 · 6 min read


AI's Role in Early Detection of Cyber Threats: The Frontier of Cybersecurity
In today's digital world, cybersecurity is crucial. As cyber threats become increasingly sophisticated, traditional defenses are no...
Asis Kaur
Mar 25, 2025 · 5 min read


Securing your Instagram account
Recently there have been multiple scenarios leading to Instagram account compromise, especially targeting influencers. With a...

CRAC Learning
Feb 20, 2025 · 2 min read


A Deep Dive into Phishing URL Detection
In today's digital age, cyber security is more critical than ever. One of the most prevalent threats is phishing, where attackers...

CRAC Learning
Jan 11, 2025 · 4 min read
Internship Experience — Cybersecurity with AI
Let’s hear from our Cybersecurity with AI Research intern — Dinki Gupta about their Summer internship 2024 experience. I’m Dinki Gupta, a...

CRAC Learning
Dec 22, 2024 · 3 min read