Blog | PT Cipta Dua Saudara

Application Security 3 Jun 2026

Google Android June 2026 Update: 124 Vulnerabilities Patched, One Actively Exploited

Google patches 124 Android vulnerabilities in June 2026, including one actively exploited flaw allowing privilege escalation without user interaction.

Read more →

Application Security 2 Jun 2026

How AiTM Phishing Bypassed 2FA to Hit 35,000 Users: An Analysis

A sophisticated AiTM phishing campaign targeted 35,000 users in April 2026, bypassing 2FA by capturing session tokens after login. Here's how it worked and how to protect your organization.

Read more →

Application Security 1 Jun 2026

Update Chrome Now: Critical Vulnerabilities Allow Remote Code Execution

Google released urgent Chrome security update patching 16 vulnerabilities including two critical flaws (CVE-2026-9111, CVE-2026-9110) that could allow remote code execution and UI spoofing attacks.

Read more →

Application Security 1 Jun 2026

GitHub Internal Repositories Breached via Malicious VS Code Extension

GitHub confirmed a breach where attackers accessed 3,800 internal repositories through a poisoned Visual Studio Code extension, highlighting the growing threat of supply chain attacks on developer tools.

Read more →

Application Security 31 May 2026

AI Security in 2026: Treat Agents Like Digital Coworkers

AI tools need identity, permissions, logs, and limits. Security strategy must evolve as agents start acting inside business systems.

Read more →

Application Security 30 May 2026

Next.js Authorization Bypass: CVE-2024-46991 Deep Dive

Critical Next.js vulnerability allows bypassing middleware-based authorization through pathname normalization inconsistencies.

Read more →

Application Security 30 May 2026

Symfony PATH_INFO Authorization Bypass: GHSA-3rg7-wf37-54rm

Symfony HTTP Foundation vulnerability allows authorization bypass through incorrect PATH_INFO parsing.

Read more →

Application Security 30 May 2026

GoFiber Flash Cookie DoS: Unbounded Memory Allocation Attack

Critical GoFiber vulnerability allows denial of service through crafted flash cookies that trigger massive memory allocation.

Read more →

Application Security 30 May 2026

OWASP Top 10 2025: What Changed and Why It Matters

Comprehensive analysis of OWASP Top 10:2025 changes, including new entries and modern security risks for web applications.

Read more →

Application Security 30 May 2026

GoFiber Session Fixation Vulnerability: CVE-2024-38513

GoFiber session fixation vulnerability allows attackers to hijack user sessions through predetermined session identifiers.

Read more →

Application Security 30 May 2026

PHP Core Security Audit 2025: Lessons and Findings

The PHP Foundation's comprehensive 2025 security audit reveals critical findings and lessons for the PHP ecosystem.

Read more →

Application Security 30 May 2026

Django SQL Injection via FilteredRelation: CVE-2025-13372

Critical Django SQL injection vulnerability through FilteredRelation dictionary expansion on PostgreSQL databases.

Read more →

Application Security 30 May 2026

Django User Enumeration via Timing Attack: CVE-2024-39329

Django authentication vulnerability allows user enumeration through timing differences in password validation.

Read more →

Application Security 30 May 2026

Laravel CVE-2024-52301: Environment Manipulation Vulnerability

Critical Laravel vulnerability allows environment manipulation through crafted query strings when register_argc_argv is enabled.

Read more →

Application Security 30 May 2026

Express.js Body Parser Denial of Service: CVE-2024-45590

High-severity Express.js body-parser vulnerability allows denial of service attacks through crafted URL-encoded payloads.

Read more →