Research & news
Dream researchers push technology to its furthest edge, building and testing breakthrough capabilities, from artificial intelligence and advanced threat hunting to malware reverse engineering, and vulnerability research in existing and emerging attack surfaces.
Operating at the frontier of cyber and artificial intelligence research, we turn bold ideas into working innovation that strengthens how nations anticipate, understand, and neutralize the most complex threats.
The DREAM Security Research Team has identified four security vulnerabilities in ScadaBR 1.2.0, an open-source SCADA platform. These findings were reported to CISA and published on May 19, 2026.Successful exploitation of these vulnerabilities could allow an attacker to perform unauthenticated remote code execution.No patch is available. The ScadaBR project has been dormant since 2021 and has not published a patch.
Arad Inbar, a security researcher from our research group at DREAM, recently presented at Black Hat Singapore. The talk focused on using protocol specifications, specifically RFCs, as a primary surface for vulnerability discovery.
One of the most powerful ways to understand what a security patch actually fixes is to reverse engineer the binaries before and after the update. Vendors rarely disclose full vulnerability details immediately, but the code always tells the truth. By performing a binary diff, researchers can quickly identify which parts of the code changed and infer the class of vulnerabilities that the patch mitigates.
We built an AI agent for security teams. It analyzes configs, hunts for vulnerabilities, investigates threats. Here’s what we underestimated: security people are paid to be paranoid. They don’t trust systems they can’t audit.And honestly? They shouldn’t.So we built an explainability layer. Not just “here’s what we found” but “here’s why we think that, and here’s how you can check.”Here’s what worked, what didn’t, and what surprised us.