Research from the OtterSec team
Vulnerability breakdowns, protocol deep dives, and the security research behind the audits.
Announcing the Save CTFs Fund
Auto reverse-engineering the Hyperliquid risk engine, with some agentic help
The goldmine of insecure WebView integrations
Pwning Minecraft: 4-byte heap overflow to RCE
Unverified evaluations in Dusk’s PLONK
Patch gap to mobile renderer RCE: pwning Samsung Internet’s V8 on the Galaxy S25
From virtio-snd 0-day to hypervisor escape: exploiting QEMU with an uncontrolled heap overflow
Unfaithful claims: breaking 6 zkVMs
ERC-4337 paymasters: better UX, hidden risks
How we broke exchanges: a deep dive into authentication and client-side bugs
Subscribe to the blog
New posts from the OtterSec team, straight to your inbox. One email per post, unsubscribe any time.