This critical vulnerability allowed attackers to bypass authentication implemented in the middleware layer. With the popularity of this framework on the internet and within our customers' attack surfaces, our Security Research team took a deeper look at the…

Defensive tools like AVs and EDRs rely on command-line arguments for detecting malicious activity. This post demonstrates how command-line obfuscation, a shell-independent technique that exploits executables’ parsing “flaws”, can bypass such detections. It…

Tuned by world-class offensive security experts, our AI agent, Takumi, uncovers critical vulnerabilities within your codebase that other tools miss, such as business logic bugs and broken authorizations. This allows you to receive actionable alerts with minimal…

We are honored to have first U.S. Secretary of Homeland Security Tom Ridge on our team as Board Advisor. He inspired our CEO, Sai Huda, to found CyberCatch.

Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX

Wiz Research uncovered RCE vulnerabilities (CVE-2025-1097, 1098, 24514, 1974) in Ingress NGINX for Kubernetes allowing cluster-wide secret access.

The Rhino research team decided to take a look at the Appsmith Enterprise Edition product. This led to the discovery of three new CVEs.

CVE-2025-29927

An exposed GitHub token could have been used to launch a supply chain attack on GitHub CodeQL, resulting in source code exposure and repository tampering of CodeQL users.

We estimate that approximately 150,000 websites have been impacted by this campaign. The noscript defines an array of keywords related to betting, gambling, and casino brands both in English and Chinese.

Retr0's Threat Research

smugglo - an easy to use noscript for wrapping files into self-dropping HTML payloads to bypass content filters - b3rito/smugglo

An analysis of the NSO BLASTPASS iMessage exploit Posted by Ian Beer, Google Project Zero On September 7, 2023 Apple issued  an out-...

Free and fast file sharing. Send large files easily. No registration required. We transfer files up to 5GB. File upload with great functions. Mail big file now!

Betailing the GX text vulnerability, with an in-depth analysis and comprehensive research to make the study more thorough and exhaustive.

In a previous blog post, I introduced Feberis, a versatile expansion board that enhanced the capabilities of the Flipper Zero by offering additional communication protocols. Now, I am excited to dive into the newly released Feberis Pro, a next-generation…

Being a provider of cloud SaaS (Software-as-a-service) solutions requires certain cybersecurity responsibilities — including being…

As large language models (LLMs) become more advanced and are granted additional capabilities by developers, security risks increase dramatically. Manipulated LLMs are no longer just a risk of...