https://defion.security/feeds/en/research.xmlDEFION Research Labs2025-07-21T12:00:00ZDEFION Security websiteDEFION Research Labs blends cutting-edge security research with real-time threat intelligence to stay ahead of modern adversaries. Our mission goes beyond technology: we actively contribute to societal security through public–private collaboration, ensuring our insights deliver real-world impact.DEFION Research Labshttps://defion.security/en/research-labs/https://defion.security/en/research-labs/ruckus-unleashed-multiple-vulnerabilities-exploited/Ruckus Unleashed: Multiple vulnerabilities exploited2025-07-21T12:00:00Z2025-07-21T12:00:00ZRuckus Unleashed: Multiple vulnerabilities exploitedDEFION Research Labshttps://defion.security/en/research-labs/pwn2own-automotive-2024-hacking-the-autel-maxicharger/Pwn2Own Automotive 2024: Hacking the Autel MaxiCharger2024-09-05T12:00:00Z2024-09-05T12:00:00ZPwn2Own Automotive 2024: Hacking the Autel MaxiChargerDEFION Research Labshttps://defion.security/en/research-labs/pwn2own-automotive-2024-hacking-the-juicebox-40/Pwn2Own Automotive 2024: Hacking the JuiceBox 402024-08-29T12:00:00Z2024-08-29T12:00:00ZPwn2Own Automotive 2024: Hacking the JuiceBox 40DEFION Research Labshttps://defion.security/en/research-labs/pwn2own-automotive-2024-hacking-the-chargepoint-home-flex-and-their-cloud/Pwn2Own Automotive 2024: Hacking the ChargePoint Home Flex (and their cloud...)2024-08-08T12:00:00Z2024-08-08T12:00:00ZPwn2Own Automotive 2024: Hacking the ChargePoint Home Flex (and their cloud...)DEFION Research Labshttps://defion.security/en/research-labs/donex-darkrace-ransomware-decryptor/DoNex/DarkRace Ransomware Decryptor2024-07-25T12:00:00Z2024-07-25T12:00:00ZDoNex/DarkRace Ransomware DecryptorDEFION Research Labshttps://defion.security/en/research-labs/cve-2024-20693-windows-cached-code-signature-manipulation/CVE-2024-20693: Windows cached code signature manipulation2024-06-14T12:00:00Z2024-06-14T12:00:00ZCVE-2024-20693: Windows cached code signature manipulationDEFION Research Labshttps://defion.security/en/research-labs/bringing-process-injection-into-view-s-exploiting-all-macos-apps-using-nib-files/Bringing process injection into view(s): exploiting all macOS apps using nib files2024-04-05T12:00:00Z2024-04-05T12:00:00ZBringing process injection into view(s): exploiting all macOS apps using nib filesDEFION Research Labshttps://defion.security/en/research-labs/don-t-talk-all-at-once-elevating-privileges-on-macos-by-audit-token-spoofing/Don't Talk All at Once! Elevating Privileges on macOS by Audit Token Spoofing2023-10-13T12:00:00Z2023-10-13T12:00:00ZDon't Talk All at Once! Elevating Privileges on macOS by Audit Token SpoofingDEFION Research Labshttps://defion.security/en/research-labs/getting-system-on-windows-in-style/Getting SYSTEM on Windows in style2023-09-28T12:00:00Z2023-09-28T12:00:00ZGetting SYSTEM on Windows in styleDEFION Research Labshttps://defion.security/en/research-labs/technical-analysis-of-the-genesis-market/Technical analysis of the Genesis Market2023-04-05T12:00:00Z2023-04-05T12:00:00ZTechnical analysis of the Genesis MarketDEFION Research Labshttps://defion.security/en/research-labs/bad-things-come-in-large-packages-pkg-signature-verification-bypass-on-macos/Bad things come in large packages: .pkg signature verification bypass on macOS2023-01-13T12:00:00Z2023-01-13T12:00:00ZBad things come in large packages: .pkg signature verification bypass on macOSDEFION Research Labshttps://defion.security/en/research-labs/pwn2own-miami-2022-iconics-genesis64-arbitrary-code-execution/Pwn2Own Miami 2022: ICONICS GENESIS64 Arbitrary Code Execution2022-10-17T12:00:00Z2022-10-17T12:00:00ZPwn2Own Miami 2022: ICONICS GENESIS64 Arbitrary Code ExecutionDEFION Research Labshttps://defion.security/en/research-labs/pwn2own-miami-2022-unified-automation-c-demo-server-dos/Pwn2Own Miami 2022: Unified Automation C++ Demo Server DoS2022-09-14T12:00:00Z2022-09-14T12:00:00ZPwn2Own Miami 2022: Unified Automation C++ Demo Server DoSDEFION Research Labshttps://defion.security/en/research-labs/pwn2own-miami-2022-aveva-edge-arbitrary-code-execution/Pwn2Own Miami 2022: AVEVA Edge Arbitrary Code Execution2022-09-08T12:00:00Z2022-09-08T12:00:00ZPwn2Own Miami 2022: AVEVA Edge Arbitrary Code ExecutionDEFION Research Labshttps://defion.security/en/research-labs/process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/Process injection: breaking all macOS security layers with a single vulnerability2022-08-12T12:00:00Z2022-08-12T12:00:00ZProcess injection: breaking all macOS security layers with a single vulnerabilityDEFION Research Labshttps://defion.security/en/research-labs/pwn2own-miami-2022-inductive-automation-ignition-remote-code-execution/Pwn2Own Miami 2022: Inductive Automation Ignition Remote Code Execution2022-07-22T12:00:00Z2022-07-22T12:00:00ZPwn2Own Miami 2022: Inductive Automation Ignition Remote Code ExecutionDEFION Research Labshttps://defion.security/en/research-labs/pwn2own-miami-2022-opc-ua-net-standard-trusted-application-check-bypass/Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass2022-07-19T12:00:00Z2022-07-19T12:00:00ZPwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check BypassDEFION Research Labshttps://defion.security/en/research-labs/coronacheck-app-tls-certificate-vulnerabilities/CoronaCheck App TLS certificate vulnerabilities2022-02-03T12:00:00Z2022-02-03T12:00:00ZCoronaCheck App TLS certificate vulnerabilitiesDEFION Research Labshttps://defion.security/en/research-labs/xenserver-path-traversal-leading-to-authentication-bypass/Xenserver Path Traversal Leading To Authentication Bypass2022-01-01T12:00:00Z2022-01-01T12:00:00ZXenserver Path Traversal Leading To Authentication BypassDEFION Research Labshttps://defion.security/en/research-labs/sandbox-escape-privilege-escalation-in-storeprivilegedtaskservice/Sandbox escape + privilege escalation in StorePrivilegedTaskService2021-12-21T12:00:00Z2021-12-21T12:00:00ZSandbox escape + privilege escalation in StorePrivilegedTaskServiceDEFION Research Labshttps://defion.security/en/research-labs/proctorio-chrome-extension-universal-cross-site-scripting/Proctorio Chrome extension Universal Cross-Site Scripting2021-12-14T12:00:00Z2021-12-14T12:00:00ZProctorio Chrome extension Universal Cross-Site ScriptingDEFION Research Labshttps://defion.security/en/research-labs/zoom-rce-from-pwn2own-2021/Zoom RCE from Pwn2Own 20212021-08-23T12:00:00Z2021-08-23T12:00:00ZZoom RCE from Pwn2Own 2021DEFION Research Labshttps://defion.security/en/research-labs/ios-vpn-support-3-different-bugs/iOS VPN support: 3 different bugs2020-10-07T12:00:00Z2020-10-07T12:00:00ZiOS VPN support: 3 different bugsDEFION Research Labshttps://defion.security/en/research-labs/sign-in-with-apple-authentication-bypass/Sign in with Apple - authentication bypass2020-07-01T12:00:00Z2020-07-01T12:00:00ZSign in with Apple - authentication bypassDEFION Research Labshttps://defion.security/en/research-labs/jenkins-authentication-bypass/Jenkins - authentication bypass2020-01-30T12:00:00Z2020-01-30T12:00:00ZJenkins - authentication bypassDEFION Research Labshttps://defion.security/en/research-labs/dns-rebinding-for-https/DNS rebinding for HTTPS2019-11-25T12:00:00Z2019-11-25T12:00:00ZDNS rebinding for HTTPSDEFION Research Labshttps://defion.security/en/research-labs/spring-security-insufficient-cryptographic-randomness/Spring Security - insufficient cryptographic randomness2019-07-04T12:00:00Z2019-07-04T12:00:00ZSpring Security - insufficient cryptographic randomnessDEFION Research Labshttps://defion.security/en/research-labs/volkswagen-auto-group-mib-infotainment-system-unauthenticated-remote-code-execution-as-root/Volkswagen Auto Group MIB infotainment system - unauthenticated remote code execution as root2018-07-19T12:00:00Z2018-07-19T12:00:00ZVolkswagen Auto Group MIB infotainment system - unauthenticated remote code execution as rootDEFION Research Labshttps://defion.security/en/research-labs/napalm-command-execution-on-naplm-controller-from-host/NAPALM - command execution on NAPLM controller from host2017-07-12T12:00:00Z2017-07-12T12:00:00ZNAPALM - command execution on NAPLM controller from hostDEFION Research Labshttps://defion.security/en/research-labs/mysql-connector-j-unexpected-deserialisation-of-java-objects/MySQL Connector/J - Unexpected deserialisation of Java objects2017-04-25T12:00:00Z2017-04-25T12:00:00ZMySQL Connector/J - Unexpected deserialisation of Java objectsDEFION Research Labshttps://defion.security/en/research-labs/ansible-command-execution-on-ansible-controller-from-host/Ansible - command execution on Ansible controller from host2017-01-09T12:00:00Z2017-01-09T12:00:00ZAnsible - command execution on Ansible controller from hostDEFION Research Labshttps://defion.security/en/research-labs/observium-unauthenticated-remote-code-execution/Observium - unauthenticated remote code execution2016-11-10T12:00:00Z2016-11-10T12:00:00ZObservium - unauthenticated remote code executionDEFION Research Labshttps://defion.security/en/research-labs/csrp-srpforjava-obtaining-of-hashed-passwords/cSRP/srpforjava - obtaining of hashed passwords2016-08-18T12:00:00Z2016-08-18T12:00:00ZcSRP/srpforjava - obtaining of hashed passwordsDEFION Research Labshttps://defion.security/en/research-labs/startencrypt-obtaining-valid-ssl-certificates-for-unauthorized-domains/StartEncrypt - obtaining valid SSL certificates for unauthorized domains2016-06-30T12:00:00Z2016-06-30T12:00:00ZStartEncrypt - obtaining valid SSL certificates for unauthorized domainsDEFION Research Labs