CVE-2025-25599: A Cautionary Tale of Insecure Temporary Files
During a security assessment of Bolt, an open-source content management system, it was discovered that temporary files are used insecurely when uploading an avatar ...
Read MoreSearch
Exploring Anti-Phishing Measures in Microsoft 365 – Pt. 2
In a previous blog post, we described an issue with the "First Contact Safety Tip" which allowed it to be bypassed by malicious actors. Recently, we discovered that ...
Read MoreExploring Anti-Phishing Measures in Microsoft 365
In this post we will explore some of the anti-phishing measures employed by Microsoft 365 (formally Office 365) as well as their weaknesses. Certitude was able to ...
Read MoreCredential Disclosure in LastPass
LastPass was susceptible to a clickjacking attack. By intercepting traffic, an attacker would have been able to harvest login credentials of LastPass users. LastPass ...
Read More