Skip to main content

Blog

Security Research
CVE-2025-27888: Server-Side Request Forgery via URL Parsing Confusion in Apache Druid Proxy Endpoint

CVE-2025-27888: Server-Side Request Forgery via URL Parsing Confusion in Apache Druid Proxy Endpoint

Nico Waisman
Company News
Empowering Defenders in the Age of AI: My Journey to XBOW

Empowering Defenders in the Age of AI: My Journey to XBOW

Niroshan Rajadurai
Company News
XBOW on HackerOne: What’s Next

XBOW on HackerOne: What’s Next

Nico Waisman
AI Research
XBOW Unleashes GPT-5’s Hidden Hacking Power, Doubling Performance

XBOW Unleashes GPT-5’s Hidden Hacking Power, Doubling Performance

Oege de Moor, Albert Ziegler
Company News
Black Hat & DEF CON: Running XBOW Live, Presentation Slides, and The Talk You Didn’t Miss

Black Hat & DEF CON: Running XBOW Live, Presentation Slides, and The Talk You Didn’t Miss

Nico Waisman
Company News
XBOW Partners with Vanta to Bring Autonomous Penetration Testing to Startups

XBOW Partners with Vanta to Bring Autonomous Penetration Testing to Startups

Joanna Clifton
Security Research
The Campaign Is Not Available in Your Country: XBOW Discovered an SQLi While Attempting to Bypass Geolocation Restrictions.

The Campaign Is Not Available in Your Country: XBOW Discovered an SQLi While Attempting to Bypass Geolocation Restrictions.

Nico Waisman
Security Research
Another Byte Bites the Dust - How XBOW Turned a Blind SSRF into a File Reading Oracle

Another Byte Bites the Dust - How XBOW Turned a Blind SSRF into a File Reading Oracle

Alvaro Muñoz
Security Research
Beyond the Bands: Exploiting TiTiler’s Expression Parser for Remote Code Execution

Beyond the Bands: Exploiting TiTiler’s Expression Parser for Remote Code Execution

Alvaro Muñoz