Blog
Updates, blog posts, analysis, and technical deep-dives
Blog
Updates, blog posts, analysis, and technical deep-dives

NoScope's pentesting agent discovered a vulnerability in Monica CRM that allowed account takeover without any credentials. This post covers the finding, the exposure, and the steps to protect a Monica deployment.

How NoScope uncovered an authenticated remote code execution flaw in Alf.io's extension system. A single exposed Java binding turned that into full remote code execution on the underlying server.

Gitea private container images were accessible to anyone on the internet, no credentials required, across healthcare, aerospace, and critical infrastructure worldwide.

AI tools ship faster than your security process can keep up. Here's what's falling through the cracks.