Shockwave Attack Surface Management - CVE-2023-35078 Authentication Bypass affecting Ivanti MobileIron

CVE-2023-35078 is a Critical CVE on Ivanti's MobileIron product that allows malicious actors to dump the entire PII, devices and users on the MobileIron system in a matter of a single request.

Shockwave Identifies Web Cache Deception and Account Takeover Vulnerability affecting OpenAI's ChatGPT

Discover the story of our founder who uncovered the world's inaugural documented Web Vulnerability that impacted OpenAI's ChatGPT, and collaborated with the team to swiftly remediate it within hours.

Email Security Gone Wrong - How does email security strategy of organizations leaks sensitive information to the public?

Learn from our research presentation how active email security detection tools exposes sensitive information about your company without any interaction - and what you can do about it!

Subdomain Takeover: How a Misconfigured DNS Record Could Lead to a Huge Supply Chain Attack

This blog post discusses the discovery of a vulnerability which allowed malicious actors to claim assets.npmjs.com subdomain, and would likely have constructed a supply chain attack with.

Privilege Escalation via Mass Assignment: Practical Example hacking One of the World's Largest Consulting Firm

During a Web Based assessment for one the world's largest consulting firm, we identified and exploited a Mass Assignment vulnerability that allowed us to escalate privileges from a normal membership level to that of an administrator account, giving us full access to the organization's systems.

Wordpress Plugin Update Confusion

How we've helped in scaling up a ground-breaking research involving a novel supply chain attack on Wordpress Website