Information Security Managed
During our security research in 2024, we discovered several vulnerabilities in Apache Foundation projects that seem to have gotten ’lost in translation’ between our bug reports and the CVE assignment process. While we’ve been patiently waiting for these findings to officially ‘count,’ they’ve apparently been stuck longer than a software […]
# You Already Have Our Personal Data, Take Our Phone Calls Too (FreePBX CVE-2025-57819) We’re back – it’s a day, in a month, in a year – and once again, something has _happened._ In this week’s episode of “the Internet is made of string and there is literally no evidence […]
**security-research** Public # FFmpeg – Heap-buffer-overflow write in jpeg2000dec ## Package ## Affected versions ## Patched versions ## Description ### Summary The vulnerability lies in the Channel Definition cdef atom of JPEG2000 which is used to define the mapping of associated components to channels. If a chroma-subsampled pixel format is […]
/ **security-research** Public # ChatGPT Agent – XSS on file://home/oai/redirect.html ## Package ChatGPT Agent (OpenAI) ## Affected versions SaaS ## Patched versions None ## Description ### Summary ChatGPT’s Agent mode can use a browser inside a remote VM (just like Operator). `file:///home/oai/redirect.html` is a file available in the remote VM […]
# Windows Internals: Secure Calls – The Bridge Between NT and SK ## Introduction As many are aware, without the presence of Hyper-V on modern Windows systems – kernel-mode is the “highest privilege boundary” in terms of the OS. Because the kernel is responsible for privileged operations (like memory-management) a […]
Researcher **Published:** 03 September 2025 at 14:46 UTC **Updated:** 03 September 2025 at 14:46 UTC Browsers added cookie prefixes to protect your sessions and stop attackers from setting harmful cookies. In this post, you’ll see how to bypass cookie defenses using discrepancies in browser and server logic. For a visual […]
# ksmbd – Fuzzing Improvements and Vulnerability Discovery (2/3) 02 Sep 2025 – Posted by Norbert Szetei ## Introduction This is a follow-up to the article originally published here. Our initial research uncovered several unauthenticated bugs, but we had only touched the attack surface lightly. Even after patching the code […]
# ATLANTIS: AI-driven Threat Localization, Analysis, and Triage Intelligence System Taesoo Kim, HyungSeok Han, Soyeon Park, Dae R. Jeong, Dohyeok Kim, Dongkwan Kim, Eunsoo Kim, Jiho Kim, Joshua Wang, Kangsu Kim, Sangwoo Ji, Woosun Song, Hanqing Zhao, Andrew Chin, Gyejin Lee, Kevin Stevens, Mansour Alharthi, Yizhuo Zhai, Cen Zhang, Joonun […]
IT and Security Audits expects good control Do you know how your rules are handled in practice? The uncertainty often leads to wrong investments based on subjective judgments. In our audits, we assume your rules and guidelines, but we also check the relevance against the standards and frameworks such as […]
Your documents may contain hidden information There is more information than you can believe in many of the files that a company’s employees attach to their email… They contain not only the text you see directly, but also hidden data called metadata, which is simpler data describing data! Metadata in […]