Blog posts

In our latest research, we discovered four critical vulnerabilities in Symfonia eDokumenty (formerly Ready_TM), including Remote Code Execution, SQL Injection, and more. This case illustrates why consistent and thorough security testing is essential for applications handling sensitive data.

Desktop applications handle critical business operations across enterprises. Banking software processes transactions. Healthcare apps store patient records. Manufacturing tools control production systems. They all share common security challenges that standard desktop application testing approaches miss. The problem is straightforward: most security testing methodologies were built for web and mobile applications. They don’t account for direct […]

This blog post uncovers critical vulnerabilities like Insecure Design, remote script loading, and NTLM hash theft.

This article explores the root causes of NullPointerExceptions in Java and how Kotlin’s built-in null safety mechanisms offer a cleaner, safer alternative. Through practical code examples and real-world patterns, we compare both languages and highlight Kotlin’s advantages in writing more robust and maintainable code.

This article explores a security flaw in desktop applications across Windows, Linux, and macOS: the persistent storage of sensitive data in memory.

DeepMind released CaMeL, a new prompt injection security mechanism. It is based on Dual LLM design pattern. Is it an end to prompt injection?

Discover key security vulnerabilities in GraphQL APIs, practical testing methods, and effective mitigations. Essential reading for security professionals and developers.

The article provides a detailed breakdown of a DLL hijacking vulnerability in Check Point SmartConsole, explaining how malicious DLLs could be loaded to achieve remote code execution before the issue was patched.

macOS kernel vulnerability where a race condition between the display reset process and frame buffer updates, causing Stack Based Buffer Overflow which leads to kernel panic (potential privilege escalation) on Apple M1 systems.

Microsoft Visual Studio Code on macOS has a misconfiguration in its Electron setup that enables the “RunAsNode” fuse, letting attackers bypass Apple’s TCC privacy protections and inherit sensitive permissions. It’s a proven flaw that works post-compromise, but Microsoft has refused to patch it, claiming it requires local access and doesn’t meet their servicing bar. The result is that any malware on the system could silently leverage VS Code to access private data without additional prompts.