Research
Ollama Updates Itself Into Persistent RCE on Windows
A path traversal and a missing signature check in Ollama's Windows updater, surfaced by Striga, chain into persistent code execution that runs on every login.
Bartłomiej Dmitruk
Fail Open, Game Over: Turning a One-Line Tomcat Fix into Unauthenticated RCE
Striga uncovered a fail-open regression in Apache Tomcat's cluster encryption that turns a one-line code change into unauthenticated Remote Code Execution.
Bartłomiej Dmitruk
The Help Button That Steals Your NTLM Hash
A Striga scan of Mattermost Desktop revealed that server-controlled URLs bypass Electron's protocol validation entirely, enabling silent NTLM credential theft on Windows.
Bartłomiej Dmitruk
1994 Called. It wants its shell back
Striga reproduced and weaponized a 32-year-old telnet buffer overflow.
gyaraDOS