
Blog

Prompt Injection to RCE
Written by Harel Levy on
With the rapid adoption of large language models (LLMs), AI agents are becoming central to modern web applications. Companies across various industries are integrating AI agents into their platforms to…

Server-Side Prototype Pollution
Written by Bar Hajby on
While not as widely recognized as other web vulnerabilities, prototype pollution has gained significant attention in recent years due to its potential impact on both client-side and server-side applications. This…

PHP Type Juggling Vulnerability
Written by Harel Levy on
Understanding the PHP type juggling vulnerability is crucial for developers: PHP is one of the most popular backend programming languages, designed explicitly for web development. Its…

Blind XSS to Complete Account Takeover
Written by Yuval Batan on
Application security remains a constant challenge. Particular vulnerabilities pose significant risks when left unaddressed. One such threat is Cross-Site Scripting (XSS), a flaw that allows attackers to inject and execute…

Firebase Authentication Misconfiguration
Written by Sagiv Michael on
Firebase Authentication, a Google-provided solution, simplifies user authentication for web and mobile apps with support for email and password, social logins, phone verification, and anonymous sign-ins. It integrates seamlessly with…

Single Packet Attack: Race Condition
Written by Bar Hajby on
Race condition vulnerabilities pose significant and often underestimated threats that can lead to severe consequences. These issues arise when multiple threads or processes compete to access shared resources, resulting in…

Subdomain Takeover Attack
Written by Bar Hajby on
While not as widely recognized as other cybersecurity threats, subdomain takeover attacks have gained significant attention in recent years due to their potential to cause severe security breaches. These attacks…

Account Takeover via JWT Misconfiguration
Written by Sagiv Michael on
In the fast-evolving mobile app security world, vulnerabilities often slip under the radar, posing significant risks to users and organizations. During a recent mobile app assessment, our team discovered a…

Account Takeover via OTP Mechanism
Written by Sagiv Michael on
During a penetration test, we found a critical vulnerability that allows full account takeovers. The attack stems from severe flaws in the OTP (One-Time Password) mechanism. Specifically, the system returns…

LLM Prompt Injection
Written by Yuval Batan on
Large Language Models (LLMs) are advanced AI systems trained on massive datasets, enabling them to translate languages, create images, answer questions, and more. They power SaaS platforms, chatbots, virtual assistants,…