Vulnerability research

Blog post

Ollama Remote Code Execution: Securing the Code That Runs LLMs

Our vulnerability researchers uncovered vulnerabilities in the code of Ollama, a popular tool for running LLMs locally. Dive into the details of how the code that runs LLMs is implemented and what can go wrong.

Blog post

Code Security for Conversational AI: Uncovering a Zip Slip in EDDI

Learn how SonarQube identified a Zip Slip vulnerability (CVE-2025-32779) in EDDI, an open-source conversational AI middleware.

Blog post

The biggest security risks unveiled in The State of Code: Security report

The State of Code report analyzes 7.9B lines of code, revealing top security risks like log injection and XSS and how to fix them.

Blog post

Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (3/3)

In the last post of this series, we return to FortiClient itself, examine how the application works internally, and look at the crucial mistake that led us to uncover a local privilege escalation vulnerability.

Blog post

Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (2/3)

We recently discovered critical vulnerabilities in Fortinet’s endpoint protection solution that enable attackers to fully compromise organizations with minimal user interaction. In this second article, we will cover how attackers can use the compromised endpoint to achieve lateral movement within an organization.

Blog post

Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (1/3)

We recently discovered critical vulnerabilities in Fortinet’s endpoint protection solution that enable attackers to fully compromise organizations with minimal user interaction. In the first post of the series, we will see how attackers can get the first foothold within an organization.


© 2025 SonarSource Sàrl. All rights reserved.