Attacks

Read the latest news on cybersecurity incidents and software vulnerabilities, as well as entries explaining specific attacks or instructing how to perform them.

Carlos Bello


Beware of insecure-by-default libraries!

Here we present in detail a vulnerability we discovered in BookStack v23.10.2, along with the steps to follow to replicate the exploit.

Jason Chavarría


Among the exposed data were secrets, code and AI training data

We describe the leak and mention its causes and threats, talk about the possible security risks when using Azure SAS tokens and give advice to prevent leaks.

Carlos Bello


What is invisible to some hackers is visible to others

Here we present in detail a vulnerability we discovered in PaperCut MF/NG v22.0.10, along with the steps to follow to replicate the exploit.

Jason Chavarría


Toyota's ancient and recently disclosed data leaks

We describe the data leaks recently disclosed by Toyota Motor Corporation lasting five, eight and ten years.

Felipe Ruiz


Watch out for keylogging/keyloggers

Here we spell out what keylogging is and what keyloggers are, as well as how you can prevent, identify and remove them.

Felipe Ruiz


Benefits and risks of these increasingly used programs

We describe password managers, their advantages and disadvantages, and some recent security incidents, and give you some recommendations on their use.

Carlos Bello


Injecting JS into one site is harmful, into all, lethal

In this blog post, we present in detail a vulnerability we discovered in Rushbet v2022.23.1-b490616d, along with the steps to follow to replicate the exploit.

Carlos Bello


So it's the app itself that delivers the cookie to me?

In this blog post, I present in detail a zero-day vulnerability I discovered in KAYAK v161.1, along with the steps to follow to replicate the exploit.

Andres Roldan


A Black Hat talk follow-up

We take a brief look at DirectX, a new attack surface on Hyper-V.

Hacking software for over 20 years

Fluid Attacks tests applications and other systems, covering all software development stages. Our team assists clients in quickly identifying and managing vulnerabilities to reduce the risk of incidents and deploy secure technology.

Copyright © Fluid Attacks. We hack your software. All rights reserved.