From having online meetings to getting real CVEs, the CRAC Learning team did it all! We discovered a Denial-of-Service vulnerability in the HTTP service of the TP-Link Tapo C100 v5 IP camera. Sending a POST request with an excessively large Content-Length header causes the main HTTP process to crash, freezing video and audio streams and forcing a restart. TP-Link acknowledged and published a fix; the issue was assigned CVE-2026–0918 and a High score (CVSS v4.0 7.1). Tapo came

Before reading this part, go over our previous blog - https://www.crac-learning.com/post/smart-security-research-diaries-defending-the-internet-of-things Then I started the Phase-1 of Smart Home Security Research Program by CRAC Learning with great enthusiasm & aspirations to find real vulnerabilities, not just solving TryHackMe labs. When I found that I'll be attacking the TP-Link Tapo C100 IP Camera, the first thing I did was Threat Modelling. I dived deep into gathering pa

When people hear the word cybersecurity , most assume it’s about big companies, hackers in dark rooms, or banks losing crores. The common reaction is simple: “This doesn’t concern me. I’m just a normal person.” That belief is exactly why data leaks are one of the most dangerous cyber risks today . Not because they are complex.Not because they are rare.But because most people don’t even realize they are victims .   The Biggest Misunderstanding: “Data Leaks Affect Companies, No

18th of January, 2026 - The day started with some network troubleshooting and system administration as we forgot to bring our wi-fi router that was earlier acting as a gateway. But yeah, after scratching our heads we were finally able to use one of our laptops as the gateway which really helped us capture all the data frames via Wireshark. Today, our main goal was to get Remote Code Execution on our target. Last time we found a Buffer-Overlfow based Denial-of-Service vulnera

AI Cyberattacks in India: The New-Age Hackers We’re Not Ready For

In the past, few Hackers gained access to insider information that netted him millions of dollars. UK national Robert B. Westbrook successfully compromised a CFO's outlook account and added an auto-forward rule in mailbox to redirect all the emails to a disposable temporary email address. Hiding traces under multiple layers of VPN channel, transacting through untraceable accounts, bitcoin transactions but still couldn't escape the investigating agencies. Westbrook's scheme ne

Cyber-Resilient Ship In an era where ships are as connected as cities, the sea is no longer a sanctuary from cyber threats. Vard which is...

Everest Group , is an old name in cyber extortion and now it is rewriting the rulebook for modern cybercrime. It has come into spotlight...

In an age where cyberattacks are becoming more complex and widespread, governments and organizations are constantly faced with the choice...

Technology has become an integral part of our lives and the importance of cybersecurity in today's day and age cannot be overemphasized....

In today's digital world, cybersecurity is crucial. As cyber threats become increasingly sophisticated, traditional defenses are no...

Recently there have been multiple scenarios leading Instagram account compromise of users especially, targeting the influencers. With a...

In today's digital age, cyber security is more critical than ever. One of the most prevalent threats is phishing , where attackers...

Let’s hear from our Cybersecurity with AI Research intern — Dinki Gupta about their Summer internship 2024 experience. I’m Dinki Gupta, a...

What is Content Security Policy (CSP) Content Security Policy (CSP) is a browser security standard developed by the W3C to help web...

Popular parental control apps for Android, iOS could be exploited risking user data and safety. Parental apps are by nature intrusive to...

In the ever-evolving landscape of cybersecurity threats, a new player has emerged: Remcos. This previously undocumented malware has been...

A group of hackers, known as UNC1549, has been busy targeting aerospace, aviation, and defense industries in the Middle East. Their focus...

A previously unknown threat actor (we’ll call them SPIKEDWINE) has been targeting European officials who are connected to Indian...

The Sysdig Threat Research Team (TRT) has uncovered the malicious utilization of a newly developed network mapping tool named SSH-Snake,...