·
During a security assessment of a popular Android application, I discovered a serious vulnerability resulting from a misconfigured third-party SDK. This vulnerability allowed an arbitrary third-party application to launch an exported activity in the target app and use the app’s granted camera permission for stealthy photo capture—without any user interaction. Vulnerability Overview The vulnerable SDK…
·
The Digital Threat Landscape Has Changed In today’s interconnected world, digital threats move in shadows. Sophisticated spyware masquerades as legitimate applications. Phishing campaigns target activists and journalists with surgical precision. Disinformation spreads faster than wildfire, distorting truth and sowing division. These aren’t random attacks… they’re coordinated campaigns that disproportionately target Muslim individuals, communities, and organizations…
·
As-salamu alaykum everyone, I will discuss a comprehensive SSRF (Server-Side Request Forgery) exploit that 5h3rl0ck and I discovered and successfully exploited within one of Microsoft’s AI products, namely Microsoft Designer. Microsoft Designer is an AI-powered graphic design app that helps you create stunning social media posts, invitations, digital postcards, graphics, and more, all in a flash. While…