Summary A cryptographic weakness was discovered in the AIMath Web App, a math learning platform for children operated by Ednovation. User passwords are stored using the obsolete and insecure MD5 h...

Summary A publicly accessible directory listing was found on Ednovation’s development subdomain, exposing the internal file structure of a web application, including PHP request handlers, code lib...

Summary A critical security flaw was identified in the AIMath Web App, a math learning platform operated by Ednovation, which exposes student and parent personal data via unauthenticated GET APIs....

Summary A SQL injection vulnerability was identified in a backend API supporting Ednovation’s ParentCommApp — a communication platform used by preschools and parents. The vulnerability allows atta...

Summary A critical Insecure Direct Object Reference (IDOR) vulnerability was discovered in Ednovation’s ParentCommApp for iOS, allowing authenticated users to retrieve private data of other childr...

Summary A critical design flaw was discovered in the JWT authentication implementation used by ParentCommApp, an iOS app developed by Ednovation. The app includes a hardcoded shared secret key use...

Summary A critical security vulnerability was discovered in ParentCommApp — an iOS mobile application used by preschools and parents for communication within the Ednovation ecosystem. The vulnera...

Given a deceptively “simple” mememaker3000.html file weighing in at 2.5MB and packed with obfuscated JavaScript—don’t panic! At first glance, the file might feel like a cosmic joke on developers, b...

Given a .yara file with hundreds of conditions, we need to dive deep to recover each character and reconstruct the hidden Yara rules. This is indeed a pleasant challenge—or am I wrong? Challenge d...

We recently came across a silly executable that appears benign. It just asks us to do some math… From the strings found in the sample, we suspect there are more to the sample than what we are seein...