Vulnerability research
From intent extra to RCE: Argument injection in YTDLnis
Discover a vulnerability our researchers found in the Android app YTDLnis, allowing attackers to execute code on victim devices.
Read article >
Zombie Workflows: A GitHub Actions horror story
Our research team recently discovered an exploitable pattern in GitHub Actions that lets attackers exploit seemingly fixed vulnerabilities.
Read article >
Ollama Remote Code Execution: Securing the Code That Runs LLMs
Our Vulnerability Researchers uncovered vulnerabilities in the code of Ollama, a popular tool to run LLMs locally. Dive into the details of how LLMs are implemented and what can go wrong.
Read article >
Code Security for Conversational AI: Uncovering a Zip Slip in EDDI
Learn how SonarQube identified a Zip Slip vulnerability (CVE-2025-32779) in EDDI, an open-source conversational AI middleware.
Read article >
The biggest security risks unveiled in The State of Code: Security report
The State of Code report analyzes 7.9B lines of code, revealing top security risks like log injection and XSS and how to fix them.
Read article >
Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (3/3)
In the last blog of this series, we will focus back on FortiClient and learn how the inner workings of this application work, and what crucial mistake happened that led to us uncovering a local privilege escalation vulnerability.
Read article >