api
AI Engine Triggers Account Takeover via API Version Confusion
Methodical analysis beats blind fuzzing as Ostorlab's AI engine discovers cross-version password reset weakness and achieves account takeover without email access.
Mon 15 December 2025
Going Beyond: Ostorlab AI Engine Discovers Unknown Vulnerability Classes
Ostorlab’s reasoning-driven AI engine breaks past rule-based limits to surface previously unknown...
Mon 13 October 2025
Defending Against GraphQL Attacks: A Deep Dive into Common Vulnerabilities
This article is an in-depth look at the most common GraphQL vulnerabilities, why they occur, and ...
Mon 21 October 2024
HTTP2, Private Custom Checks, actively exploited CVE and much more.
The latest releases introduce HTTP/2 support, improve UI and detection, enhance privacy and secur...
Mon 07 October 2024
Enhanced Vulnerability Detection, Expanded Features, and Critical Fixes
This update introduces enhanced vulnerability detection with AI improvements, new UI features, expanded support for asset types, upgraded network interception, and broader CVE coverage, alongside several bug fixes and optimizations across scanning, fingerprinting, and GitHub Actions.
Finding and Validating Hardcoded Keys and Secrets
Hardcoded secrets are easy to find and might open a gate to sensitive data or privileged access. This makes them a great target for bug bounty hunters and attackers.