Skip to main content

Blog

Technical Deep Dive
How XBOW Turned a JavaScript Hint Into a Working File Inclusion

How XBOW Turned a JavaScript Hint Into a Working File Inclusion

Nico Waisman
AI Research
Agents Built From Alloys

Agents Built From Alloys

Albert Ziegler
Technical Deep Dive
When the Heat Gets to Your Database: A Refreshing SQL Injection Discovery in Z-Push

When the Heat Gets to Your Database: A Refreshing SQL Injection Discovery in Z-Push

Javier Gil
Security Research
Finding XSS in Salesforce Aura Components: How XBOW Got Creative

Finding XSS in Salesforce Aura Components: How XBOW Got Creative

Diego Jurado
Security Research
CVE-2025-49493: XML External Entity (XXE) Injection in Akamai CloudTest

CVE-2025-49493: XML External Entity (XXE) Injection in Akamai CloudTest

Diego Jurado
Security Research
Breaking the Shield: How XBOW Discovered Multiple XSS Vulnerabilities in Palo Alto’s GlobalProtect VPN

Breaking the Shield: How XBOW Discovered Multiple XSS Vulnerabilities in Palo Alto’s GlobalProtect VPN

Alvaro Muñoz
Company News
The Road to Top 1: How XBOW Did It

The Road to Top 1: How XBOW Did It

Nico Waisman
Security Research
The Nightmare Before Christmas: An Arbitrary File Download on Zoo-Project

The Nightmare Before Christmas: An Arbitrary File Download on Zoo-Project

Nico Waisman
Security Research
Stored Cross-Site Scripting (XSS) in 2FAuth

Stored Cross-Site Scripting (XSS) in 2FAuth

Diego Jurado