Tag: Cyber Security

LLM Supercharged Our Penetration Testing

We’ve always believed that penetration testing isn’t just about running scanners and checking boxes. It’s about thinking like an attacker — anticipating logic flaws, chaining vulnerabilities, and uncovering what automated tools miss. The Challenge: A “Secure” API Endpoint A Toronto-based fintech client came to us with an API they believed was hardened. They had: Our

Bypassing File Upload Restrictions We Once Thought Were Unbreakable

File upload vulnerabilities are among our most frequently discovered attack surfaces — and also some of the most frustrating to exploit. Clients often believe they’ve “secured” their upload functionality with basic checks: file extension filtering, MIME-type validation, size limits, and antivirus scanning. But in 2026, we’ve found that AI is rewriting the rules of how these restrictions

log4j vulnerability

The ubiquitous nature of Log4j is part of what makes CVE-2021-44228 so dangerous. Millions of applications, such as iCloud, Steam, and Minecraft, use Log4j for logging. An attacker simply needs to get the app to log a special string to successfully exploit this vulnerability.

Top cloud security takeaways from RSA 2022

Key cloud security takeaways from RSA 2022 include the need to shore up cloud application security, consolidate tools and mitigate cybersecurity skills shortages, according to ESG
