Blog — Fortisec

Discover the latest in offensive security research and development and stay ahead of cyber threats.

Jun 2, 2026 · Jimmy Ly · Vulnerabilities
Unauthenticated Arbitrary File Read in Gazebo Sim WebsocketServer
We found an unauthenticated arbitrary file read in Gazebo Sim's WebsocketServer plugin where a single WebSocket frame reads any file on the server, including /etc/shadow and SSH keys.
May 19, 2026 · Jimmy Ly · Vulnerabilities
Integer Overflow in Bullet3 STL Mesh Parser
We found an integer overflow in Bullet3's STL mesh loader where a crafted triangle count bypasses the sanity check, causing the parser to read 4 GB from an 88-byte heap buffer.
May 16, 2026 · Jimmy Ly · AI
Training a LoRA to Generate Custom Figurine Designs
We fine-tuned a Flux Dev LoRA on 12 images to generate custom figurine designs in a specific art style, from data preparation to a working Gradio app.
Apr 18, 2026 · Jimmy Ly · Tools
Introducing the HackerOne Reports Dashboard
We built a dashboard that aggregates over 14,000 publicly disclosed HackerOne bug bounty reports with POC detection, searchable filters, and weekly auto-updates.
Sep 12, 2025 · Jimmy Ly · Tools
Extracting Cookies from Chromium Browser via Remote Debugging using TTPForge
A new module in TTPForge leveraging WhiteChocolateMacademiaNut tool to extract cookies from Chromium-based browsers without requiring root access.
Aug 8, 2024 · Jimmy Ly · CTF
Prompt Airlines - AI Security Challenge - Walkthrough
A walkthrough of the latest AI security challenge released by Wiz called Prompt Airlines.

Newer posts