Richie Havoc

Security Researcher | Student | Pentester | CTF Player 🎉

Latest Posts

litellm Supply Chain Attack (March 2026): How TeamPCP Backdoored a PyPI Package Used by Millions
SupplyChain


On March 24, 2026, threat actor TeamPCP published two backdoored versions of litellm to PyPI, affecting developers who installed v1.82.7 or v1.82.8 during a 3-hour window. This is a verified, technical breakdown of exactly how the attack happened, what the malware did, how to check if you're affected, and what it means for supply chain security going forward.

Mar 26, 2026 14 min read
Vibe Hacking Explained: How AI Is Letting Complete Beginners Launch Real Attacks
VibeHacking


Vibe hacking is the dark twin of vibe coding: using AI tools to launch cyberattacks without needing to understand how they work. With verified real-world incidents including a Moltbook breach exposing 1.5 million tokens and Claude AI being used to run full extortion campaigns, this deep-dive covers exactly what vibe hacking is, how it works, and how defenders need to adapt in 2026.

Mar 26, 2026 11 min read
SQL Injection Is Not Dead: Modern SQLi Techniques That Still Work in 2026
Websecurity


SQL injection has been 'dead' for over a decade, and it keeps not dying. This practical 2026 guide covers why SQLi persists, the modern techniques that bypass modern defenses, real CVEs that prove it still works against production applications, tool-based and manual methodology, and WAF evasion approaches used in current bug bounty and penetration testing work.

Mar 26, 2026 14 min read
One Username, Entire Identity: How OSINT Investigators Build Full Profiles From Almost Nothing
OSINT


Most people use the same username everywhere. That single habit is an OSINT investigator's greatest gift. This step-by-step guide walks through the complete methodology for building a full identity profile from a single username — using free tools, real scenarios, and techniques used by law enforcement, journalists, and security researchers in 2026.

Mar 25, 2026 13 min read
AI-Powered OSINT in 2026: How Machine Learning Is Changing the Way We Investigate
OSINT


AI and machine learning have transformed open-source intelligence from a slow, manual discipline into a real-time, automated powerhouse. This deep-dive covers the tools, real scenarios, techniques, and ethical lines every OSINT investigator must understand in 2026.

Mar 25, 2026 16 min read
From Zero to Root: A Beginner's Complete Guide to Solving HTB Easy Machines in 2026
HackTheBox


New to Hack The Box? This complete 2026 beginner's guide walks you through every step — from setting up your VPN to rooting your first Easy machine. Tools, methodology, tips, and real examples inside.

Mar 24, 2026 9 min read