The Blog

Welcome to Cenobe's Tech Intelligence Hub. Here, we share our expertise in offensive cybersecurity through in-depth technical analyses, research & development findings, and compliance insights.

Article 01

Redirect-based OAuth Token Exposure in Bitbucket Integrations

We discovered an OAuth redirect-based access token leak affecting ONA users who authenticated with Bitbucket. The attack relies on several technical details spanning ONA, Bitbucket, and browser behavior.


Exploiting SAP Crystal Report’s Vulnerability in 2025

In 2020, SAP disclosed CVE-2020-6219, a deserialization-based Remote Code Execution (RCE) vulnerability in the Crystal Report Viewer. Fast forward to 2025, and we revisited this flaw, developing a practical exploitation path that highlights how dangerous it remains in real-world scenarios.


How Gitpod Strengthened Its Security Posture with Cenobe

Learn how a collaborative security assessment approach helped Gitpod transform their vulnerability management and build greater confidence in their products.


Our Research Story: Unauthenticated RCE in Ametys CMS 4.7.x


The Truth Behind Apache Tomcat’s CVE-2025-24813: Why Exploitation Isn’t Simple

CVE-2025-24813 has been making headlines with a critical 9.8 CVSS score, raising concerns across the industry. But after diving deep into its internals, our R&D team came to a different conclusion: this vulnerability is far harder to exploit than it seems.

  • CVES

CVE-2025-27407: Inside the Critical GraphQL-Ruby RCE Vulnerability

How a popular Ruby gem exposed thousands of applications to remote code execution. A technical analysis of the vulnerability that affected major platforms worldwide.
