Blog Post
Vibecoding and the illusion of security
Vibecoding is fast, but it is secure? We tested current state of the art LLM models against a common security task, namely the MFA implemented in your applications.
We dedicate extensive time to research through activities such as zero-day vulnerability research and tool development. Our research collection is built upon the accomplishments of our dedicated Baldur team members careers. This is done to stay ahead of the industry and keep our customers secure.
Baldur is devoted to responsible disclosure, to ensure the vulnerabilities are patched and customers are protected. Read our responsible disclosure policy here
Vibecoding is fast, but it is secure? We tested current state of the art LLM models against a common security task, namely the MFA implemented in your applications.
How to achieve a working remote code execution exploit in an embedded phone without any previous access.
Showcasing why automated scanners might miss some very obvious bugs and how to deal with that.
Danish National Cybercrime Center held their annual hacking competition. We participated and solved some challenges
Comprehensive guide on how to convert your RCE vulnerability into a fully functional metasploit module, that will spawn any payload. We use CVE-2023-32781 as our example.
How we could exploit a vulnerability in WithSecure Elements EDR to shut down a company network through malicious isolation.
This post details the process of exploiting CVE-2023-32782 in PRTG to gain remote code execution.
Spoofing vulnerability in Google Chrome Media Component affecting all Chromium-based browsers
Security vulnerability in Mitel product line
Security vulnerability in Mitel product line
Security vulnerability in Mitel product line
Security vulnerability in Mitel product line
Security vulnerability in Mitel product line
CSRF allowing the leakage of cleartext windows credentials over the network.
Utilize regex feature for leaking sensitive configuration files
Path traversal vulnerability was discovered in the HL7 sensor of PRTG
Unauthed memory corruption in the fsicapd component leads to DoS
Unauthenticated arbitrary filewrite as SYSTEM
Multiple Cross-Site (XSS) Scripting vulnerabilities
Unauthed memory corruption in the fsicapd component leads to DoS
XSS which leads to a leaked private key, allowing wallet control
Global CSRF bypass due to RFC incompliance in HTTP header
Heap Based buffer overflow leads to Remote Code Execution
Remote Code Execution in F-secure Server Security
Fortinet IPC permission leads to local privilege escalation as SYSTEM