b0n0b0 (@b0n0b0__) 's Twitter Profile
b0n0b0

@b0n0b0__

CTF player in fibonhack

ID: 1573775443400048641

24-09-2022 20:44:48

73 Tweet

50 Followers

107 Following

fibonhack (@fibonhack) 's Twitter Profile Photo

Checklist before going to No Hat Con 2024:
- Leave the luggage empty, need space to bring back swag and Polenta Taragna from the conf
- "Flaggare il flaggabile" at NoHatCTF ctftime.org/event/2518
Thnx PWNX for hosting the event, see you next week!

Thomas Rinsma (@thomasrinsma) 's Twitter Profile Photo

Here's a working game of Tetris inside a PDF. Even has keyboard controls (by typing WASD in an input box). Plus, upon game-over you can "save" your score by printing the page ;) th0mas.nl/downloads/pdft… Should work in most browsers (built for pdfium/PDF.js).

Thomas Rinsma (@thomasrinsma) 's Twitter Profile Photo

Just published the write-up of two bugs I found in LibreOffice, allowing remote exfiltration of file/env data and a semi-arbitrary file write. Also relevant for document conversion/preview use cases :) codeanlabs.com/blog/general/e…

smaury (@smaury92) 's Twitter Profile Photo

Romhack is coming up and the CfP is still open! Got novel research you’d love to present in front of an eager audience, with the stunning Roman landscape as your backdrop, and on the same stage where James Kettle will deliver the keynote? Submit now! cfp.romhack.io/romhack-2025/

zi0Black (@zi0black) 's Twitter Profile Photo

My team is hiring a talented Application Security Engineer, position is open to remote candidates worldwide🌎 Proven experience in identifying real-world vulnerabilities is required, and coding skills will be assessed during the interview process. job-boards.greenhouse.io/aptoslabs/jobs…

b0n0b0 (@b0n0b0__) 's Twitter Profile Photo

Always great to work with you mate. We also published a small write-up about this vulnerability, check it out! codeanlabs.com/blog/research/…

Codean (@codeanio) 's Twitter Profile Photo

Codean Labs' b0n0b0 and Doyensec's Aleandro discovered CVE-2025-32464, a heap-buffer overflow in HAProxy. Read our write-up here: codeanlabs.com/blog/research/…

Codean (@codeanio) 's Twitter Profile Photo

At Codean Labs, our mission is to make the world more secure — and what better way than to secure fundamental open source projects? We identified CVE-2025-47934, a critical vulnerability in OpenPGP.js to spoof signatures, see github.com/openpgpjs/open… github.com/openpgpjs/open…

Thomas Rinsma (@thomasrinsma) 's Twitter Profile Photo

b0n0b0 and I found a bug in OpenPGP.js that allowed an attacker to modify a valid signature's text, without access to the original signer's private key. In other words, proper impersonation/spoofing. PoC/write-up coming soon. github.com/openpgpjs/open…

Mailvelope (@mailvelope) 's Twitter Profile Photo

🚨 Security Alert: A critical vulnerability (CVE-2025-47934) in OpenPGP.js (the crypto library Mailvelope is using) allows signature spoofing in signed & encrypted messages. Update to Mailvelope v6.1.0 now to stay protected. Details: github.com/mailvelope/mai… #infosec #OpenPGP

YesWeHack ⠵ (@yeswehack) 's Twitter Profile Photo

InfoSec media has jumped on the story of a vulnerability found via the OpenPGP.js Bug Bounty program on YesWeHack ⠵ that allows attackers to spoof signature verification 🧵1/6

Thomas Rinsma (@thomasrinsma) 's Twitter Profile Photo

Here's the write-up for the OpenPGP.js signature spoofing bug which b0n0b0 and I found. The PoC is included at the end, where we demonstrate by spoofing a message by the Dutch government's Cyber Security Center ;) codeanlabs.com/blog/research/…

Codean (@codeanio) 's Twitter Profile Photo

Two of our Codean Labs colleagues evaluated OpenPGP.js and identified a signature spoofing vulnerability. Writeup includes a PoC where we demonstrate the vulnerability by spoofing a message by the Dutch government's Cyber Security Center! codeanlabs.com/blog/research/…