Imagine the consequences of 390,000 user accounts compromised in a matter of seconds — data exposure, financial loss, and reputational damage that could take years to recover from. This was the reality we faced when we discovered a critical vulnerability in one of our client’s applications. Thanks to our proactive approach, we were able to prevent what
Read More
While performing a pentesting engagement with CyberAR on a cloud solutions web application, I chained a vulnerability and a weird function to reach a critical impact. The website has some roles for managing project content, let’s say Admin, Team member, and Viewer. The really weird function is that an Admin can edit other admins’ email
Read More
While conducting web application testing, I focused on the email and password update sections, particularly the email update functionality. This feature is crucial as it contains a critical vulnerability that can lead to the overwriting of any user account. Description: A critical logic flaw in the account update functionality allows an attacker to overwrite any
Read More
Understanding 0-click account takeover (ATO) via Google Authentication is crucial for maintaining your online security. This type of attack allows hackers to gain access to your accounts without any action needed from you. They exploit vulnerabilities in the authentication process. Google Authentication is widely used for securing accounts. It adds an extra layer of security
Read More