Security

This article presents a thorough, hands-on analysis and proof of concept for exploiting the stored XSS vulnerability CVE-2025-52559 in Zulip. It details how Ostorlab's AI-powered pentesting engine was used to automate the full cycle.

Security

This research introduces a pioneering dual approach that combines signature-based matching (DalvikFLIRT) with LLM-powered code transformation to bypass sophisticated Android app obfuscation, enabling automated security analysis of previously impenetrable code.

Security

A technical analysis of a vulnerability in CyberPanel, a Pre-Auth Root RCE, including confirmed exploitation paths, investigated components, and research methodology findings.

Security

This article is an in-depth look at the most common GraphQL vulnerabilities, why they occur, and how they can be mitigated.

Security

This article assesses the large-scale exposure of systems to multiple CVEs affecting the CUPS printing service, which can be chained together to achieve unauthenticated remote code execution (RCE). We provide an overview of how these vulnerabilities, including CVE-2024-47176, work in tandem, walking through the exploit flow. Additionally, we analyze how many systems are potentially vulnerable and highlight a unique behavior observed during testing.

Security

An in-depth look at the CVE-2024-47374 vulnerability affecting LiteSpeed Cache plugin for WordPress, its impact, and a technical breakdown of our detection method.

Security

The article delves into the technical details of this CVE, its potential impact, and the methods used to detect and exploit it.

Security

The article uncovers an Arbitrary File Read vulnerability in VigorConnect that lets attackers access sensitive files. The issue originates from improper input validation in file handling methods.