Collaborate Disseminate
Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and EaseProbe (CVE-2023-33967), two open-source platforms written in Go. Owncast … Continue reading Owncast, EaseProbe security vulnerabilities revealed
Oxeye discovered a new vulnerability (CVE-2023-0620) in the HashiCorp Vault Project, an identity-based secrets and encryption management system that controls access to API encryption keys, passwords, and certificates. The vulnerability was an SQL injec… Continue reading HashiCorp Vault vulnerability could lead to RCE, patch today! (CVE-2023-0620)
Oxeye revealed five predictions expected to shape enterprise security spending in 2023. The predictions follow industry-wide research, which shows the industry is shifting away from legacy software infrastructure and standardizing on cloud-native appli… Continue reading Cloud-native application adoption puts pressure on appsec teams
A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in their environments. What is Backstage? Having more than 19,000 stars on Githu… Continue reading Critical vulnerability in Spotify’s Backstage discovered, patched
Oxeye will demonstrate its Cloud Native Application Security solution at KubeCon 2022 in Detroit, Michigan, October 24-28. Located at booth SU74, Oxeye will show how the company’s platform combines static analysis with agentless runtime flow tracing an… Continue reading Oxeye announces Cloud Native Application Security solution at KubeCon
Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Called SandBreak, this new vulnerability requires R&D leaders, AppSec engineers, and security professionals to ensure they i… Continue reading Critical vm2 sandbox escape flaw uncovered, patch ASAP! (CVE-2022-36067)
Oxeye security researchers have uncovered several new high severity variants of the IDOR (Insecure Director Object Reference) vulnerabilities (CVE-2022-31671, CVE-2022-31666, CVE-2022-31670, CVE-2022-31669, CVE-2022-31667) in CNCF-graduated project Har… Continue reading High severity vulnerabilities found in Harbor open-source artifact registry
A new vulnerability found in GoLang-based applications allows a threat actor to bypass validations under certain conditions and gain unauthorized access to cloud-native applications, Oxeye researchers have found. The source of “ParseThru” &… Continue reading “ParseThru” vulnerability allows unauthorized access to cloud-native applications
The era of the cloud-native application is well and truly upon us: IDC researchers have predicted that by 2023, more that 500 million apps will be developed using cloud-native approaches! While some applications are still being built on a monolithic (a… Continue reading Take a dev-centric approach to cloud-native AppSec testing
Delivering secure applications requires tooling built for automation in the modern tech stack. Oxeye provides a cloud-native application security testing solution that is designed to overcome the challenges imposed by the complex nature of modern archi… Continue reading Product showcase: Oxeye.io – Cloud native application security testing