
Carlos Bello
Beware of insecure-by-default libraries!
Here we present in detail a vulnerability we discovered in BookStack v23.10.2, along with the steps to follow to replicate the exploit.

Jason Chavarría
Among exposed were secrets, code and AI training data
We describe the leak and mention its causes and threats, talk about the possible security risks when using Azure SAS tokens and give advice to prevent leaks.

Carlos Bello
What is invisible to some hackers is visible to others
Here we present in detail a vulnerability we discovered in PaperCut MF/NG v22.0.10, along with the steps to follow to replicate the exploit.

Jason Chavarría
Toyota's ancient and recently disclosed data leaks
We describe the data leaks, lasting five, eight and ten years, that Toyota Motor Corporation recently disclosed.

Felipe Ruiz
Watch out for keylogging/keyloggers
Here we spell out what keylogging is and what keyloggers are, as well as how you can prevent, identify and remove them.

Felipe Ruiz
Benefits and risks of these increasingly used programs
We describe password managers, their advantages and disadvantages, and some recent security incidents, and give you some recommendations on their use.

Carlos Bello
Injecting JS into one site is harmful, into all, lethal
In this blog post, we present in detail a vulnerability we discovered in Rushbet v2022.23.1-b490616d, along with the steps to follow to replicate the exploit.

Carlos Bello
So it's the app itself that delivers the cookie to me?
In this blog post, I present in detail a zero-day vulnerability I discovered in KAYAK v161.1, along with the steps to follow to replicate the exploit.

Andres Roldan
A Black Hat talk follow up
We will take a brief look at DirectX, a new attack surface on Hyper-V.