A CSRF vulnerability in Elgato Key Lights let websites flash your lights remotely. Here’s how CVE-2025-7202 was discovered and fixed.
Learn how ChatGPT’s ‘Share’ feature can accidentally expose sensitive data to Google. Discover hidden risks and how to protect your AI conversations.
The Tea app breach exposed thousands of user selfies with sensitive location metadata, revealing key lessons on protecting privacy by stripping metadata from uploads.
During Toreon’s annual ski trip, Robbe opted out of skiing and hiking to explore the hotel’s Wi-Fi login page for security flaws. While others hit…
Toreon is now an official CVE Numbering Authority (CNA), enabling formal disclosure of security vulnerabilities. This strengthens Toreon’s leadership in product and AI security, helping…
This is the story of how Robbe discovered CVE-2024-28088, a URI traversal vulnerability in LangChain’s configuration loading mechanism that led to full API token leakage,…
This is the story of how I found a remote code execution vulnerability, CVE-2024-2912, in BentoML and what it can teach you about securing your…
In this article we tackle two Attack Tree tools and compare them. Are they worth using or not?
Toreon is once again attending BruCON as a diamond sponsor!
Review our online demo or download the slides