Security
Deep Dive: Stored XSS Vulnerability in LiteSpeed Cache Plugin for WordPress (CVE-2024-47374)
An in-depth look at the CVE-2024-47374 vulnerability affecting LiteSpeed Cache plugin for WordPress, its impact, and a technical breakdown of our detection method.
Thu 10 October 2024
Actively Exploited CVE-2022-21445, Deep Dive
The article delves into the technical details of this CVE, its potential impact, and the methods ...
Wed 25 September 2024
Unraveling the VigorConnect Vulnerability: A Journey of Discovery and Correction
The article uncovers an Arbitrary File Read vulnerability in VigorConnect that lets attackers acc...
Thu 12 September 2024
Advanced Techniques for Bypassing 4xx Errors
Discover the comprehensive techniques that are commonly used to bypass 4xx errors. Learn about th...
Mon 05 August 2024
CVE-2024-5315 Dolibarr SQL Injection Investigation
CVE-2024-5315, an actively exploited Dolibarr SQL Injection with in incorrect patched-in version.
CocoaPods Supply Chain Fire: What Should You Know
E.V.A Information Security uncovered critical vulnerabilities in CocoaPods, leading to immediate patches, and developers must now remove unclaimed packages, verify dependencies, and scan their applications to ensure security.
Latest posts
Ostorlab KEV update for 02 April 2024
New vulnerabilities added to Ostorlab known exploited vulnerabilities catalog
Tue 02 April 2024
Security Landscape of Mobile Banking Applications in North America
This article examines the security of mobile banking applications in North America, uncovering widespread vulnerabilities and the urgent need for enhanced cybersecurity measures. It highlights the fast-paced technological advancements in the sector, alongside challenges such as supply chain vulnerabilities and the adoption of potentially insecure programming practices.
Tue 19 March 2024
Ostorlab KEV update for 11th March 2024
New vulnerabilities added to Ostorlab known exploited vulnerabilities catalog
Mon 11 March 2024
Ostorlab KEV update for 26th February 2024
New vulnerabilities added to Ostorlab known exploited vulnerabilities catalog
Mon 26 February 2024
Mapping Dependency Confusion: A Novel Detection Approach using Source Map Files
The article delves into dependency confusion vulnerabilities and introduces a novel detection and exploitation technique then provides actionable steps to mitigate the risks associated with this vulnerability.
Tue 13 February 2024
Known Exploitable Vulnerabilities: Catching them all
In this article we will Discover essential tools and empirical insights for identifying critical, high-severity, and actively exploitable vulnerabilities sourced from reputable platforms like CISA KEV, Google’s Tsunami, and the innovative Ostorlab’s Asteroid Project.
Wed 10 January 2024
New OWASP Mobile Top 10
Release of new OWASP Mobile Top 10 with improvements, updates and a behind the scenes.
Mon 27 November 2023
One Scheme to Rule Them All: OAuth Account Takeover
This article delves into the exploitation of OAuth account takeover using app impersonation through custom scheme hijacking, an overlooked vulnerability pattern affecting most OAuth providers and consequently many popular applications including apps with over 1B downloads.
Tue 17 October 2023