Blog posts

VoIP is transforming business communication with flexibility and cost savings. However, its reliance on the internet brings cybersecurity risks. Discover how VoIP works, common threats, and the role of penetration testers in protecting organizations.

How broken access and Null Pointer Dereference was found in macOS IOMobileFramebuffer (AppleCLCD2) service.

TCC on macOS isn’t just an annoying prompt—it’s the last line of defense between malware and your private data. This article breaks down how TCC works, why third-party developers must take bypass vulnerabilities seriously, and how seemingly minor flaws can open the door to real-world attacks. Written from the perspective of both attacker and defender, it’s a must-read for app developers and security researchers alike.

In our latest research, we discovered four critical vulnerabilities in Symfonia eDokumenty (formerly Ready_TM), including Remote Code Execution, SQL Injection, and more. This case illustrates why consistent and thorough security testing is essential for applications handling sensitive data.

Desktop applications handle critical business operations across enterprises. Banking software processes transactions. Healthcare apps store patient records. Manufacturing tools control production systems. They all share common security challenges that standard desktop application testing approaches miss. The problem is straightforward: most security testing methodologies were built for web and mobile applications. They don’t account for direct […]

This blog post uncovers critical vulnerabilities like Insecure Design, remote script loading, and NTLM hash theft.

This article explores the root causes of NullPointerExceptions in Java and how Kotlin’s built-in null safety mechanisms offer a cleaner, safer alternative. Through practical code examples and real-world patterns, we compare both languages and highlight Kotlin’s advantages in writing more robust and maintainable code.

This article explores a security flaw in desktop applications across Windows, Linux, and macOS: the persistent storage of sensitive data in memory.

DeepMind released CaMeL, a new prompt injection security mechanism. It is based on Dual LLM design pattern. Is it an end to prompt injection?

Discover key security vulnerabilities in GraphQL APIs, practical testing methods, and effective mitigations. Essential reading for security professionals and developers.