Security
Automating Security Research: AI Engine Exploits Zulip Stored XSS (CVE-2025-52559)
This article presents a thorough, hands-on analysis and proof of concept for exploiting the stored XSS vulnerability CVE-2025-52559 in Zulip. It details how Ostorlab's AI-powered pentesting engine was used to automate the full cycle.
Mon 28 July 2025
Bypassing Obfuscation in Android Apps: A Dual Approach with DalvikFLIRT and LLM-Powered Rewrites
This research introduces a pioneering dual approach that combines signature-based matching (DalvikFLIRT) with LLM-powered code transformation to bypass sophisticated Android app obfuscation, enabling automated security analysis of previously impenetrable code.
Wed 16 April 2025
Pre-Auth Root RCE Vulnerability in CyberPanel: Deep Dive Exploit Analysis
A technical analysis of a vulnerability in CyberPanel, a Pre-Auth Root RCE, including confirmed exploitation paths, investigated components, and research methodology findings.
Wed 30 October 2024
Defending Against GraphQL Attacks: A Deep Dive into Common Vulnerabilities
This article is an in-depth look at the most common GraphQL vulnerabilities, why they occur, and how they can be mitigated.
Mon 21 October 2024
Assessing the Large-Scale Exposure of CUPS Vulnerabilities: Chained CVEs Leading to Remote Code Execution
This article assesses the large-scale exposure of systems to multiple CVEs affecting the CUPS printing service, which can be chained together to achieve unauthenticated remote code execution (RCE). We provide an overview of how these vulnerabilities, including CVE-2024-47176, work in tandem, walking through the exploit flow. Additionally, we analyze how many systems are potentially vulnerable and highlight a unique behavior observed during testing.
Deep Dive: Stored XSS Vulnerability in LiteSpeed Cache Plugin for WordPress (CVE-2024-47374)
An in-depth look at the CVE-2024-47374 vulnerability affecting LiteSpeed Cache plugin for WordPress, its impact, and a technical breakdown of our detection method.
Latest posts
Actively Exploited CVE-2022-21445, Deep Dive
The article delves into the technical details of this CVE, its potential impact, and the methods used to detect and exploit it.
Wed 25 September 2024
Unraveling the VigorConnect Vulnerability: A Journey of Discovery and Correction
The article uncovers an Arbitrary File Read vulnerability in VigorConnect that lets attackers access sensitive files. The issue originates from improper input validation in file handling methods.
Thu 12 September 2024
Advanced Techniques for Bypassing 4xx Errors
Discover the comprehensive techniques that are commonly used to bypass 4xx errors. Learn about the various methods used, including HTTP method fuzzing, request header manipulation, parameter tampering, and more.
Mon 05 August 2024
CVE-2024-5315 Dolibarr SQL Injection Investigation
CVE-2024-5315, an actively exploited Dolibarr SQL Injection with in incorrect patched-in version.
Sun 14 July 2024
CocoaPods Supply Chain Fire: What Should You Know
E.V.A Information Security uncovered critical vulnerabilities in CocoaPods, leading to immediate patches, and developers must now remove unclaimed packages, verify dependencies, and scan their applications to ensure security.
Wed 03 July 2024
Ostorlab KEV update for 02 April 2024
New vulnerabilities added to Ostorlab known exploited vulnerabilities catalog
Tue 02 April 2024
Security Landscape of Mobile Banking Applications in North America
This article examines the security of mobile banking applications in North America, uncovering widespread vulnerabilities and the urgent need for enhanced cybersecurity measures. It highlights the fast-paced technological advancements in the sector, alongside challenges such as supply chain vulnerabilities and the adoption of potentially insecure programming practices.
Tue 19 March 2024
Ostorlab KEV update for 11th March 2024
New vulnerabilities added to Ostorlab known exploited vulnerabilities catalog
Mon 11 March 2024