Research

Notes on bugs, techniques, and tooling. Published when there's something worth saying.

Research.

16.03.2026 Post
Heap out-of-bounds in decompression loops

The bug class behind a chunk of recent zero-clicks. Integer overflows, missing bounds checks, and why hardened codebases still fall over the same edge.
Arni Hardarson · 12 min read →
2026 Advisory
CVE-2026-28922

Vulnerability disclosure. Coordinated with the vendor.
Arni Hardarson ↗
2026 Advisory
CVE-2026-28990

Vulnerability disclosure. Coordinated with the vendor.
Arni Hardarson ↗
2026 Advisory
CVE-2026-28859

Vulnerability disclosure. Coordinated with the vendor.
Arni Hardarson ↗
2025 Talk
From patch panic to proactive defence

Managing edge device vulnerabilities in 2025. Melbourne Cyber Conference, invited speaker.
Arni Hardarson ↗

// Get in touch

hello@neonixsecurity.com

A short note about what you're working on is enough to start. We read every message and reply within a business day.