ALL POSTS

Key Findings A critical security vulnerability, CVE-2025-13780, has been discovered in pgAdmin, the popular open-source management tool for PostgreSQL. The flaw allows attackers to achieve Remote Code Execution (RCE) by exploiting a subtle oversight in how the software processes file encoding. The vulnerability affects pgAdmin versions up to 9.10 when running in server mode. It creates a scenario where a routine database restore operation can be weaponized to execute arbitrar

Key Findings Nine NuGet packages published under the alias "shanhai666" are designed to execute destructive, time-delayed payloads against database applications and industrial control systems. The packages provide nearly all of their advertised functionality, blending genuine code with hidden sabotage to build trust and pass code reviews. The malware exploits C# extension methods to transparently inject malicious logic into database and PLC operations, including methods to te