Technical Blog


Analysis of OpenSSL CVE-2022-3786 and CVE-2022-3602

On the 1st of November, OpenSSL released information about two buffer overflow vulnerabilities: CVE-2022-3786 and CVE-2022-3602. In the pre-disclosure announcement on the 25th of October, the issue severity was declared as Critical, but then it was changed to High. The

Read More »

CVE-2022-42889: Text4shell Vulnerability Breakdown

The newly discovered CVE-2022-42889 made some headlines recently. In this short blog we will discuss what the vulnerability is, its impact, and mitigation. The package affected by the CVE is Apache Commons Text, an open-source Apache library that is “focused

Read More »

How We Created an API Security CTF

c{api}tal (Checkmarx API Training and Learning) is a purpose-built vulnerable API application based on the OWASP API Top 10 risks. It is built with Python (FastAPI – a quick and easy to use web framework for developing RESTful APIs in

Read More »

First Known Phishing Attack Against PyPi Users

A few hours ago, PyPi disclosed information on the first seen phishing attack aimed at a Python contributor. Right now, we are aware of hundreds of malicious packages that were related to this attack based on the known indicator. During

Read More »

Most Dangerous CWEs of 2021

2021 was a year where cyberattacks exploded, and if you did not know about the dangers of the cyber world, you probably do now. The pandemic got everyone into their homes and focused on their IT devices, so there was

Read More »