Skip to main content

Blog

Security Research
Another Byte Bites the Dust - How XBOW Turned a Blind SSRF into a File Reading Oracle

Another Byte Bites the Dust - How XBOW Turned a Blind SSRF into a File Reading Oracle

Alvaro Muñoz
Security Research
Beyond the Bands: Exploiting TiTiler’s Expression Parser for Remote Code Execution

Beyond the Bands: Exploiting TiTiler’s Expression Parser for Remote Code Execution

Alvaro Muñoz
Technical Deep Dive
How XBOW Turned a JavaScript Hint Into a Working File Inclusion

How XBOW Turned a JavaScript Hint Into a Working File Inclusion

Nico Waisman
AI Research
Agents Built From Alloys

Agents Built From Alloys

Albert Ziegler
Technical Deep Dive
When the Heat Gets to Your Database: A Refreshing SQL Injection Discovery in Z-Push

When the Heat Gets to Your Database: A Refreshing SQL Injection Discovery in Z-Push

Javier Gil
Security Research
Finding XSS in Salesforce Aura Components: How XBOW Got Creative

Finding XSS in Salesforce Aura Components: How XBOW Got Creative

Diego Jurado
Security Research
CVE-2025-49493: XML External Entity (XXE) Injection in Akamai CloudTest

CVE-2025-49493: XML External Entity (XXE) Injection in Akamai CloudTest

Diego Jurado
Security Research
Breaking the Shield: How XBOW Discovered Multiple XSS Vulnerabilities in Palo Alto’s GlobalProtect VPN

Breaking the Shield: How XBOW Discovered Multiple XSS Vulnerabilities in Palo Alto’s GlobalProtect VPN

Alvaro Muñoz
Company News
The Road to Top 1: How XBOW Did It

The Road to Top 1: How XBOW Did It

Nico Waisman