01Work02Research03About04Blog05Contact
Offensive research

Research

Defense is built by those who know how to attack. CVEs, advisories, and bug bounty across enterprise programs and open source projects, with a growing focus on AI security.

3
Assigned Critical CVEs
10
Published advisories
40+
Targets & programs
6
Libraries, one leak
2026
Vulnerability Research - 3 Critical CVEs, 40+ Targets

Coordinated disclosure campaign across open source projects and enterprise programs: 3 assigned Critical CVEs (CVE-2026-38595 im3x, CVE-2026-38600/38601 gohttpserver), 4 pending at MITRE, and 10 published advisories - including a recurring cross-origin header leak across 6 HTTP client libraries (undici, node-fetch, follow-redirects, go-resty, req, gorequest). Bug bounty across 40+ targets via Bugcrowd, Intigriti, HackerOne and Huntr: Grafana, Aiven, MLflow, AWS SageMaker, GitLab, Nextcloud, labstack/echo, aiohttp and more. Responsible disclosure to Anthropic (Claude Code), with a growing focus on AI security.

Disclosure
2026
Cipher - Cyber Risk Matrix for SMEs

9 sectors × 13 risks, interactive assessment, economic impact calculator, and NIS2 checker. Bilingual.

Platform
2025
Secure Digitalization Blueprint

Ebook on secure digitalization methodology for SMEs.

Publication
2025
CTI Seminar - University of Bari Aldo Moro

Cyber Threat Intelligence seminar for 3rd year Computer Science students (~40 attendees).

Talk
2025
Gazzetta del Mezzogiorno - Cybersecurity & Innovation

Article in Gazzetta del Mezzogiorno on cybersecurity activities and innovation.

Press