The last time the ZSL website got a proper redesign was somewhere around 2010. That's roughly 16 years of the same look. It worked, it served its purpose, but let's be honest -- it was showing its age. Version 3.0 is the result of finally sitting down and building something that feels right for what the lab actually is in 2026.
No grand relaunch announcement, no countdown timer. Just quietly replacing the old thing with something better.
The new design is dark-themed, minimal, and built entirely with vanilla HTML, CSS, and JavaScript. No React, no Vue, no Tailwind, no build step. Just plain files served as-is. Typography is handled by IBM Plex Mono and IBM Plex Sans -- clean, readable, and they give the whole thing that terminal-adjacent feel without being obnoxious about it.
The entire site runs as a single-page application with hash-based routing. Everything loads from one index.html -- navigation between pages like #/advisories, #/lablog, #/tools, and so on happens client-side. It keeps things fast and the page never fully reloads. Deep-linking works too, so you can share a direct URL to any advisory or blog post and it'll land exactly where it should.
Navigation lives in a sidebar with pages for Home, Advisories, Papers, Presentations, Projects, Tools, Services, Lablog, History, and Contact. The home page has stat blocks showing lab metrics, a capabilities grid, a "From The Lab" section pulling in the latest entries, and an About section. Nothing fancy, just well-organized information that loads instantly.
The contact page has a world map background which turned out nicer than expected. Error pages exist for 400, 401, 403, 404, 500, 502, and 503 -- because if something breaks, it should at least break with style.
This was the big one. Over 1,100 security advisories needed to be migrated from the old site's legacy PHP files into clean, standalone HTML pages. A Python scraper (zsl_adv_scraper.py, powered by BeautifulSoup) handled the heavy lifting -- parsing the old format and generating new pages with proper severity badges, CVE references, vendor details, proof-of-concept code blocks, and disclosure timelines.
Each advisory now has color-coded severity badges and a consistent layout that's actually pleasant to read. There's also an advisory_editor.html tool for generating new advisory pages going forward -- fill in the fields, get a live preview, export the HTML. No more hand-editing templates.
To preserve backward compatibility with older deep links from the previous site, a 301 redirect rule was added to .htaccess so that legacy PHP advisory URLs automatically resolve to the new SPA hash routes:
RewriteEngine On
RewriteRule ^en/vulnerabilities/(ZSL-[^/.]+)\.php$ /#/advisories/$1 [R=301,NE,L]
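The redirect hands the captured advisory ID to the SPA in the URL fragment, and the rule's `[^/.]+` accepts any character other than `/` and `.`, so the client-side router is the place where that ID gets validated before it is used. The sketch below is an added example, not the site's own code: it models the rewrite in JavaScript and resolves hash routes against allow-lists. The lower-case route names other than `#/advisories`, `#/lablog` and `#/tools`, the ID allow-list, the `advisories/<id>.html` fragment path and the sample IDs are assumptions.

```javascript
// Added example: route names, fragment path and sample IDs are assumptions.
const PAGES = new Set(["home", "advisories", "papers", "presentations", "projects",
  "tools", "services", "lablog", "history", "contact"]);
// Mirrors the RewriteRule pattern (Apache matches it without the leading slash).
const LEGACY_RE = /^en\/vulnerabilities\/(ZSL-[^/.]+)\.php$/;
// Client-side allow-list: far stricter than [^/.]+, which admits quotes, <, % and spaces.
const ADVISORY_ID_RE = /^ZSL-[A-Za-z0-9-]{1,40}$/;

// What the 301 does, modelled in JS: legacy path -> Location value, or null.
function legacyRedirect(path) {
  const m = LEGACY_RE.exec(path.replace(/^\//, ""));
  return m ? `/#/advisories/${m[1]}` : null;
}

// Parse location.hash into a route; anything unexpected becomes the 404 page.
function resolveRoute(hash) {
  const parts = hash.replace(/^#\/?/, "").split("/");
  const page = parts[0] === "" ? "home" : parts[0];
  if (!PAGES.has(page) || parts.length > 2) return { page: "404" };
  if (parts.length === 1) return { page };
  const id = parts[1];
  // Only advisories take an ID in this sketch; the raw, undecoded value must match.
  if (page !== "advisories" || !ADVISORY_ID_RE.test(id)) return { page: "404" };
  // Hypothetical fragment location, built only from the validated ID.
  return { page, id, fragment: `advisories/${id}.html` };
}

// Browser wiring (skipped under Node): only validated values reach the DOM.
if (typeof window !== "undefined") {
  const render = () => {
    const r = resolveRoute(window.location.hash);
    document.title = r.id ? `${r.id} | advisories` : r.page;
  };
  window.addEventListener("hashchange", render);
  render();
}
```

An ID such as `ZSL-<x>` passes the server-side pattern and is redirected, but `resolveRoute` sends it to the 404 page instead of building a fragment path from it.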
Claude (Anthropic's AI) was a huge help throughout this project. From CSS tweaks to debugging SPA routing logic to writing the advisory scraper -- having an AI collaborator made the whole process significantly faster. When you're juggling life and work and side projects, being able to offload the tedious parts and focus on the decisions that matter is invaluable.
It was genuinely fun working with it. Not in a gimmicky way, but in a "this actually saves me hours" way. The back-and-forth of iterating on code, asking it to refactor something, or having it spot an issue I missed -- that workflow just clicks.
Yes, there's a centipede. A canvas-drawn, multi-segmented centipede that follows your cursor around the page. It has articulated legs, antennae, and a body rendered in subtle translucent strokes so it doesn't overwhelm the content. It's there to keep you company while you browse. Nobody asked for it. It exists anyway. It's turned off by default -- you can enable it from the toggle in the sidebar if you want the little guy crawling around.
The site ships in dark mode by default, but there's also a light mode available via the sidebar toggle. Both themes are fully styled across every page and component -- advisory lists, lablog cards, services, contact, the works. Dark for late-night reading, light for when the sun is out and you actually have the blinds open.
The About section on the Home page features a set of porcelain samurai figurines -- four of them, one next to each paragraph. But here's the thing: every time you refresh the page, the images randomize. There are 35 photographs in total, split across the four sections, so each reload tells a slightly different visual story. Hit refresh a few times and you'll see different stances, different compositions, different moods. It's a small animation of sorts -- a rotating cast of silent warriors standing guard over the text. Keep refreshing and watch the samurai hax0rz cycle through their stances -- it's almost like a stop-motion story unfolding one reload at a time.
The original samurai figurines still stand in the original ZSL HQ in Kumanovo, where they've been since the early days. The photographs were developed by Mr. Popovsky (Popovski Produkcija) -- beautifully shot on dark wood with that moody lighting that just works perfectly with the site's aesthetic. Thank you for capturing them so well.
The 404 page randomly picks from a collection of ASCII art pulled from actual exploit code -- pieces from nero_bof.txt, anyconnect_bof.txt, brainfog, and others. Every time you hit a dead link, you get a different one. It's a small touch but it makes the error pages feel like they belong to the site rather than being an afterthought.
Advisory URLs are fully shareable deep links. The severity badge system uses color coding so you can scan a list and immediately spot the critical ones. These details add up.
The History page is worth a visit if you're curious about where the lab has been. It documents the old website designs -- what version 1.0 and 2.0 looked like, how the visual identity evolved over the years. There's also a Media References & Mentions section that catalogs articles, interviews, and press coverage the lab has received over time. It's a timeline of the lab's presence in the security community, from early mentions to more recent coverage.
A few people deserve recognition here.
The ZSL logo was designed by Aleksandar Pesevski of MightyCreation. Clean, distinctive, and it's held up remarkably well over the years. Good design doesn't need to be replaced every cycle -- it just works.
A big thank you to IWM Network, who helped shape the lab throughout the years in many ways -- support, motivation, and the kind of backing that keeps a small independent lab going when things get complicated. That kind of partnership matters more than most people realize.
And of course, Claude by Anthropic, who helped build this very site and made the whole process genuinely enjoyable.
This is ZSL Website v3.0, build 151. The site is still being refined. There are rough edges to smooth out and ideas that haven't been implemented yet. Blog posts here will be rare -- only when there's something genuinely worth writing about or an urge to put thoughts somewhere. No schedule, no content calendar, no SEO strategy.
If you're reading this, you probably found it because you were looking at an advisory or poking around the lab. Either way -- welcome to v3.0. Refresh the home page a few times, watch the samurai hax0rz cycle through their stances, and enjoy the vibe.