Endorsed an Exceptional Talent (‘a recognized leader’) in technology by the British Government, Ax is a Security Researcher at Sonatype and Engineer who holds a passion for perpetual learning. His works and expert analyses have frequently been featured by leading media outlets like Fortune, The Register, TechRepublic, CSO Online, BleepingComputer, etc. Ax's expertise lies in security vulnerability research, reverse engineering, and software development. In his spare time, he loves exploiting vulnerabilities ethically and educating a wide range of audiences.
The ReDoS vulnerability impacting the popular npm component SheetJS, also known as “xlsx,” was thought to be remedied through a fix, but no, not so fast.
Crafty attackers take advantage of the open source software supply chain through typographical errors. Not even the most sophisticated devs are immune.
CVE-2020-2100 takes advantage of the fact that, by default, both UDP multicast/broadcast and DNS multicast traffic is enabled on Jenkins. Here's what to do.
In this month's Nexus Intelligence Insights we discuss an older component, but one that is widely used across a variety of ecosystems, and has a vulnerability that could be catastrophic. Say hello to
Last week news broke about a 3-year old jQuery vulnerability that was just discovered, and had just been patched - sending many into a frenzy. The reality, however, is this is an old vulnerability
