Defending Against GraphQL Attacks: A Deep Dive into Common Vulnerabilities
This article is an in-depth look at the most common GraphQL vulnerabilities, why they occur, and how they can be mitigated.
Mon 21 October 2024
Assessing the Large-Scale Exposure of CUPS Vulnerabilities: Chained CVEs Leading to Remote Code Execution
This article assesses the large-scale exposure of systems to multiple CVEs affecting the CUPS printing service, which can be chained together to achieve unauthenticated remote code execution (RCE). We provide an overview of how these vulnerabilities, including CVE-2024-47176, work in tandem, walking through the exploit flow. Additionally, we analyze how many systems are potentially vulnerable and highlight a unique behavior observed during testing.
Wed 16 October 2024
Threat Center v2: 🚨 Staying Ahead of Vulnerabilities 🛡️
The Threat Center provides essential updates for organizations to stay informed about security threats, offering actionable intelligence and detailed asset information to help users proactively protect their systems.
Thu 10 October 2024
Deep Dive: Stored XSS Vulnerability in LiteSpeed Cache Plugin for WordPress (CVE-2024-47374)
An in-depth look at the CVE-2024-47374 vulnerability affecting LiteSpeed Cache plugin for WordPress, its impact, and a technical breakdown of our detection method.
Thu 10 October 2024
HTTP2, Private Custom Checks, actively exploited CVE and much more.
The latest releases introduce HTTP/2 support, improve UI and detection, enhance privacy and security measures, and update custom checks and analysis environments for better performance.
Actively Exploited CVE-2022-21445, Deep Dive
The article delves into the technical details of this CVE, its potential impact, and the methods used to detect and exploit it.
Latest posts
Unraveling the VigorConnect Vulnerability: A Journey of Discovery and Correction
The article uncovers an Arbitrary File Read vulnerability in VigorConnect that lets attackers access sensitive files. The issue originates from improper input validation in file handling methods.
Thu 12 September 2024
Enhanced Vulnerability Detection, Expanded Features, and Critical Fixes
This update introduces enhanced vulnerability detection with AI improvements, new UI features, expanded support for asset types, upgraded network interception, and broader CVE coverage, alongside several bug fixes and optimizations across scanning, fingerprinting, and GitHub Actions.
Mon 09 September 2024
OXO Titan, Support for CVSS4, and Attack Surface search with certificates
Our latest release features a new OnPrem UI, better PDF Reports with insightful graphs, support for CVSS4, plus much more.
Wed 28 August 2024
OXO Titan UI: Simplifying Security Scanning for Everyone
OXO Titan UI encapsulates OXO's capabilities within an accessible interface, democratizing advanced security scanning techniques. This article explores OXO Titan's journey from concept to reality, highlighting its key features and presenting a practical user workflow example.
Mon 26 August 2024
Privacy Compliance Testing, Fingerprint detection, and User Experience Enhancements
Dive into our latest release featuring the introduction of Privacy Compliance Testing, new detection of several fingerprints, and User Experience Enhancements.
Mon 12 August 2024
Threat Center, Account Security Enhancements, and added detection
Dive into our latest release featuring the introduction of a Threat Center, enhanced account security, and new detection.
Mon 05 August 2024
Advanced Techniques for Bypassing 4xx Errors
Discover the comprehensive techniques that are commonly used to bypass 4xx errors. Learn about the various methods used, including HTTP method fuzzing, request header manipulation, parameter tampering, and more.
Mon 05 August 2024
Advanced XSS Protection, CircleCI Enhancements, and UI Upgrades in Our Latest Release
Dive into our latest release featuring cutting-edge XSS detection, streamlined CircleCI workflows, sleek UI enhancements, and robust security integrations with Codecov and UV—designed to empower and secure your digital experience.
Wed 31 July 2024