Category

Security

This technical analysis reveals how sophisticated attack chains—combining path traversal, symbolic link manipulation, and Android SDK quirks—can breach Signal Android's defenses to extract sensitive internal files, despite its legendary encryption remaining intact. While Signal patched these vulnerabilities within days, the discoveries offer crucial lessons about how seemingly minor bugs can be chained into powerful exploits, and why even the best security architecture needs multiple layers of defense

Security

Automating Security Research: AI Engine Exploits Report Portal XXE (CVE-2021-29620)

This article presents a thorough, hands-on analysis and proof of concept for exploiting an OOB XX...

Thu 07 August 2025

Security

Automating Security Research: AI Engine Exploits Zulip Stored XSS (CVE-2025-52559)

This article presents a thorough, hands-on analysis and proof of concept for exploiting the store...

Mon 28 July 2025

Security

Bypassing Obfuscation in Android Apps: A Dual Approach with DalvikFLIRT and LLM-Powered Rewrites

This research introduces a pioneering dual approach that combines signature-based matching (Dalvi...

Wed 16 April 2025

A technical analysis of a vulnerability in CyberPanel, a Pre-Auth Root RCE, including confirmed exploitation paths, investigated components, and research methodology findings.

This article is an in-depth look at the most common GraphQL vulnerabilities, why they occur, and how they can be mitigated.

Latest posts

Assessing the Large-Scale Exposure of CUPS Vulnerabilities: Chained CVEs Leading to Remote Code Execution

This article assesses the large-scale exposure of systems to multiple CVEs affecting the CUPS printing service, which can be chained together to achieve unauthenticated remote code execution (RCE). We provide an overview of how these vulnerabilities, including CVE-2024-47176, work in tandem, walking through the exploit flow. Additionally, we analyze how many systems are potentially vulnerable and highlight a unique behavior observed during testing.

Wed 16 October 2024

Deep Dive: Stored XSS Vulnerability in LiteSpeed Cache Plugin for WordPress (CVE-2024-47374)

An in-depth look at the CVE-2024-47374 vulnerability affecting LiteSpeed Cache plugin for WordPress, its impact, and a technical breakdown of our detection method.

Thu 10 October 2024

Actively Exploited CVE-2022-21445, Deep Dive

The article delves into the technical details of this CVE, its potential impact, and the methods used to detect and exploit it.

Wed 25 September 2024

Unraveling the VigorConnect Vulnerability: A Journey of Discovery and Correction

The article uncovers an Arbitrary File Read vulnerability in VigorConnect that lets attackers access sensitive files. The issue originates from improper input validation in file handling methods.

Thu 12 September 2024

Advanced Techniques for Bypassing 4xx Errors

Discover the comprehensive techniques that are commonly used to bypass 4xx errors. Learn about the various methods used, including HTTP method fuzzing, request header manipulation, parameter tampering, and more.

Mon 05 August 2024

CVE-2024-5315 Dolibarr SQL Injection Investigation

CVE-2024-5315, an actively exploited Dolibarr SQL Injection with in incorrect patched-in version.

Sun 14 July 2024

CocoaPods Supply Chain Fire: What Should You Know

E.V.A Information Security uncovered critical vulnerabilities in CocoaPods, leading to immediate patches, and developers must now remove unclaimed packages, verify dependencies, and scan their applications to ensure security.

Wed 03 July 2024

Ostorlab KEV update for 02 April 2024

New vulnerabilities added to Ostorlab known exploited vulnerabilities catalog

Tue 02 April 2024


Previous
1 of 5