Tag

Security

Ostorlab's May 2025 update delivers comprehensive privacy analysis capabilities with 21 new data collection categories and enhanced verification tools. This release introduces specialized Attack Surface scan profiles for optimized security assessments, adds GitHub source code integration for precise vulnerability mapping, and implements QPS rate limiting for controlled scanning. Additional improvements include mobile scan URL regex controls, streamlined Jira integration, and expanded fingerprinting capabilities for improved detection accuracy.

Security

Pre-Auth Root RCE Vulnerability in CyberPanel: Deep Dive Exploit Analysis

A technical analysis of a vulnerability in CyberPanel, a Pre-Auth Root RCE, including confirmed e...

Wed 30 October 2024

Security

Defending Against GraphQL Attacks: A Deep Dive into Common Vulnerabilities

This article is an in-depth look at the most common GraphQL vulnerabilities, why they occur, and ...

Mon 21 October 2024

Security

Assessing the Large-Scale Exposure of CUPS Vulnerabilities: Chained CVEs Leading to Remote Code Execution

This article assesses the large-scale exposure of systems to multiple CVEs affecting the CUPS pri...

Wed 16 October 2024

The Threat Center provides essential updates for organizations to stay informed about security threats, offering actionable intelligence and detailed asset information to help users proactively protect their systems.

An in-depth look at the CVE-2024-47374 vulnerability affecting LiteSpeed Cache plugin for WordPress, its impact, and a technical breakdown of our detection method.

Latest posts

Actively Exploited CVE-2022-21445, Deep Dive

The article delves into the technical details of this CVE, its potential impact, and the methods used to detect and exploit it.

Wed 25 September 2024

Unraveling the VigorConnect Vulnerability: A Journey of Discovery and Correction

The article uncovers an Arbitrary File Read vulnerability in VigorConnect that lets attackers access sensitive files. The issue originates from improper input validation in file handling methods.

Thu 12 September 2024

OXO Titan UI: Simplifying Security Scanning for Everyone

OXO Titan UI encapsulates OXO's capabilities within an accessible interface, democratizing advanced security scanning techniques. This article explores OXO Titan's journey from concept to reality, highlighting its key features and presenting a practical user workflow example.

Mon 26 August 2024

Advanced Techniques for Bypassing 403 Errors

Discover the comprehensive techniques that are commonly used to bypass 403 errors. Learn about the various methods used, including HTTP method fuzzing, request header manipulation, parameter tampering, and more.

Mon 05 August 2024

CVE-2024-5315 Dolibarr SQL Injection Investigation

CVE-2024-5315, an actively exploited Dolibarr SQL injection with an incorrect patched-in version.

Sun 14 July 2024

iOS TestFlight scan, Slack Integrations and other improvements

This update introduces support for scanning apps using iOS TestFlight, Slack Integrations, support for scanning web apps with an SBOM, and other improvements.

Mon 10 June 2024

Integrations, Dynamic analysis improvements, and a new standard support

This update introduces multiple new integrations with CI/CD pipelines, improvements to dynamic traces interception & analysis, support for the MASVS v2.0.0 standard, and many bug fixes.

Mon 27 May 2024

🚀 OXO v1.0!

OXO version 1.0 is 10x faster, supports ARM64 architectures, and is packed with improved capabilities such as scanning multiple assets and a simpler and more powerful CLI.

Mon 29 April 2024