A researcher found 7,500 internet-exposed Honeywell IQ4 building controllers. 20% are accessible without authentication. Honeywell says it is not their problem.

I used to chain five tools for vulnerability scanning. Nuclei replaced all of them. 9,000+ community templates, YAML-based, and faster than anything I have benchmarked.

Tire pressure sensors transmit a unique 32-bit ID in cleartext on every car built since 2007. Researchers tracked 20,000 vehicles with $100 radios.

I use Censys, FOFA, and ZoomEye more than Shodan now. Each has a different crawl strategy, different data, and different blind spots. Here is when I use which.

CVE-2026-21385: a signed integer where an unsigned was needed in Qualcomm's GPU driver. 234 chipsets affected. Google TAG found it while tracking spyware.