Technical

CovertSwarm's web testing agent identified a critical broken access control vulnerability in a retail subscription platform's GraphQL middleware. The platform enforced authentication on its auto-generated queries, but every custom action handler bypassed the permission layer entirely, returning customer PII, subscription data, and health assessments to unauthenticated requests. This is a step-by-step breakdown of how RAID found it in under two minutes.

fallback image

How RAID found unauthenticated customer data in a retail GraphQL API

CovertSwarm's web testing agent identified a critical broken access control vulnerability in a retail subscription platform's GraphQL middleware. The platform…
hidden vulnerabilities xrdp

When “Just Logging In” Isn’t Just Logging In: A Lookat xrdp and CVE-2026-33145

A quiet finding with real-world impact. CVE-2026-33145 shows how xrdp's AlternateShell feature, enabled by default, passes client-supplied input directly into…
fallback image

CVE-2026-33727 – When “Low Privilege” Isn’t Low Enough: A Pi-hole LPE Story

Pi-hole's pihole user is low-privileged. It's configured with nologin. It looks contained. It isn't. Here's how a writable file and…
Dimly lit computer in a dark room, evoking hidden threats and reduced visibility.

Why So Syscalls? BOF Edition

Ibai Castells explains how moving from high level Windows APIs to lower level syscall usage alters what EDRs observe. It…
Classic vs Passthrough path to choose

Cobalt Strike External C2 Passthrough Guide

Cobalt Strike’s passthrough mode reshapes how red teams use External C2. By taking control of shellcode staging and custom channels,…