Reporting and Disclosure Obligations in the Cyber Resilience Act When do vendors need to report what to whom?

In our latest blog post, we examine the reporting and disclosure obligations for software vendors under the European Cyber Resilience Act (CRA). Parts of these obligations take effect this September. mogwailabs.de/en/blog/2026...

We know we are late, but happy New Year everyone 🥳 . We have already been busy and are now a GCVE Numbering Authority (GNA).

The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering. More info about GCVE: gcve.eu

We're pleased to announce that we donated a total of € 7,100 from Bug Bounty rewards to charities this year. Hacky Christmas everybody!

Generex RCCMDTray Remote OS Command Execution

New security advisory: Generex RCCMDTray Remote OS Command Execution. mogwailabs.de/en/advisorie...

4D Unauthenticated File Disclosure

We just added a new vulnerability to our "bug parade" page. If you are using 4D based applications, please ensure that you are on the latest patch level to avoid potential security risks.

mogwailabs.de/en/advisorie...

c3p0, you little rascal The c3p0 library provides many useful exploitation primitives, deserving more attention

In our latest blog post, we dive into the hidden gems of the Java library c3p0 and explore how it can be leveraged in different exploitation scenarios. Happy reading! 😀

mogwailabs.de/en/blog/2025...

Hello Bluesky 😀