
Beware! A threat actor could steal the titles of your private (and draft) WordPress posts!
As of today, almost a billion sites have been built using WordPress, powering businesses and organizations of all sizes. That makes any newly discovered vulnerability especially concerning—like the one recently found and reported by Imperva researchers, which could affect any WordPress site. In this blog post, we’ll explain the attack ...

Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2
Executive Summary: Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This leak led us to a scammer team management platform as a service ...

Frida-JIT-unPacker: An Imperva Contribution to the Security Research Community, Presented at Black Hat Asia 2024
In the ever-evolving landscape of cybersecurity threats, the battle against malicious bots is a critical concern for web applications. These bots, in addition to their ability to circumvent application security measures, are usually protected with advanced source code protection to prevent the security community from understanding their mechanisms and developing ...

Security Flaw in CoCalc: One Click and Your Cloud is Ruined
TL;DR: Imperva Threat Research discovered and reported a security flaw in the CoCalc Cloud environment. The flaw enabled potential attackers to completely take over a target’s account with only a single click from the victim. This flaw was due primarily to the lack of separation between the user environment and ...

The Anatomy of a Scalping Bot: NSB Goes Undercover & How it Avoids Detection
In the first blog post, we introduced you to the Nike Shoe Bot (NSB), one of the most dangerous scalping bots around. We outlined its purpose, its behavior, and described how we recovered its source code. In this blog post, we will take a closer look at the bot’s source ...

Avoid The (Automated) Nightmare Before Christmas
While Christmas is often seen by most as a joyous time to be spent with family and friends, exchanging good wishes and gifts, there are those who seek to exploit it. For fraudsters, this time of the year is, above all, an opportunity for profits to be made, all while ...