Research

When Metadata Goes Rogue: Lessons from the Tea App Breach

The Tea app breach exposed thousands of user selfies with sensitive location metadata, revealing key lessons on protecting privacy by stripping metadata from uploads.

How a Toreon ski-trip led to a CVE in MikroTik’s Wi-Fi Hotspot

During Toreon’s annual ski trip, Robbe opted out of skiing and hiking to explore the hotel’s Wi-Fi login page for security flaws. While others hit…

Toreon authorized by the CVE as a CVE Numbering Authority

Toreon is now an official CVE Numbering Authority (CNA), enabling formal disclosure of security vulnerabilities. This strengthens Toreon’s leadership in product and AI security, helping…

CVE-2024-28088: How URI Traversal in LangChain Led to API Token Theft and potentially Remote Code Execution

This is the story of how Robbe discovered CVE-2024-28088, a URI traversal vulnerability in LangChain’s configuration loading mechanism that led to full API token leakage,…
