
Blog

PHP Type Juggling Vulnerability
Written by Harel Levy on
to PHP Juggling Vulnerability Understanding the PHP type juggling vulnerability is crucial for developers: PHP is one of the most popular backend programming languages suited explicitly for web development. Its…

Blind XSS to Complete Account Takeover
Written by Yuval Batan on
Applications’ security remains a constant challenge. Particular vulnerabilities pose significant risks when left unaddressed. One such threat is Cross-Site Scripting (XSS), a flaw that allows attackers to inject and execute…

Firebase Authentication Misconfiguration
Written by Sagiv Michael on
Firebase Authentication, a Google-provided solution, simplifies user authentication for web and mobile apps with support for email and password, social logins, phone verification, and anonymous sign-ins. It integrates seamlessly with…

Single Packet Attack: Race Condition
Written by Bar Hajby on
Race condition vulnerabilities pose significant and often underestimated threats that can lead to severe consequences. These issues arise when multiple threads or processes compete to access shared resources, resulting in…

Subdomain Takeover Attack
Written by Bar Hajby on
While not as widely recognized as other cybersecurity threats, subdomain takeover attacks have gained significant attention in recent years due to their potential to cause severe security breaches. These attacks…

Account Takeover via JWT Misconfiguration
Written by Sagiv Michael on
In the fast-evolving mobile app security world, vulnerabilities often slip under the radar, posing significant risks to users and organizations. During a recent assessment of a client’s mobile application, our…

Account Takeover via OTP Mechanism
Written by Sagiv Michael on
During a penetration test of a client’s authentication mechanisms, we uncovered a critical vulnerability that can lead to a complete account takeover of any user within the system. This finding…

LLM Prompt Injection
Written by Yuval Batan on
Large Language Models (LLMs) are a type of Artificial Intelligence (AI) that have taken the tech world by storm. These powerful models are trained on massive amounts of data, allowing…

Breaking Application Logic with Negative User Input
Written by Yuval Batan on
While delivering impressive features, the complex logic that powers modern web applications can create unforeseen security weaknesses. Even seemingly minor flaws in these systems’ underlying business logic can be exploited…

Exploiting Android Architecture
Written by Yuval Batan on
The Android operating system powers millions of smartphones worldwide, offering users an excessive number of applications responsible for every aspect of our lives, from personal organization to online banking applications…