SonarResearch's Avatar

SonarResearch

@sonarresearch

Cutting-edge security research by Sonar to educate the world about code security across all software. We're also at @SonarResearch@infosec.exchange 🦣 and @Sonar_Research 🐦

100
Followers 2
Following 18
Posts 09.12.2024
Joined
Posts Following

Latest posts by SonarResearch @sonarresearch

Sonar - Vulnerability Researcher (f/m/d) Who is Sonar? Sonar helps prevent code quality and code security issues from reaching production, amplifies developers' productivity in concert with AI assistants, and improves the developer experienc...

Our team is hiring! If you are passionate about finding bugs in code, exploiting them in creative ways, and sharing your findings on our blog, apply here: jobs.lever.co/sonarsource/...

25.02.2026 12:20 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

🧟 A fixed vulnerability that comes back to life?

This could have happened in GitHub Actions until yesterday! Learn how attackers could have exploited seemingly fixed workflow vulnerabilities:

www.sonarsource.com/blog/zombie-...

#appsec #security #vulnerability

09.12.2025 18:59 πŸ‘ 1 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0

From bit flip to RCE in Ollama! πŸ¦™

Our latest blog post explains how a file parsing bug led to an interesting out-of-bounds write primitive. Learn how it could have been exploited in Ollama, a tool to run LLMs locally:

www.sonarsource.com/blog/ollama-...

#security #vulnerability #llm #ai

04.11.2025 17:20 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 1
Securing GitHub Actions With SonarQube: Real-World Examples This blog introduces SonarQube's enhanced analysis capabilities for GitHub Actions, designed to proactively identify and remediate security vulnerabilities like Command Injection and Code Execution th...

πŸ”„πŸ“¦ GitHub Actions offer powerful automation capabilities for CI/CD, but they're not immune to attacks.
Take a look at how we tackle this risk with SonarQube Cloud by diving into real-world vulnerabilities.

www.sonarsource.com/blog/securin...

#appsec #security #vulnerability

15.10.2025 15:55 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Using SonarQube to solve a CTF challenge? Done! βœ…

Learn how we detected a 0-day vulnerability during #KalmarCTF, making us first to solve the challenge! From Zip Slip to RCE, using lazy class loading:

www.sonarsource.com/blog/code-se...

#appsec #CTF #vulnerability

16.09.2025 15:38 πŸ‘ 3 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Securing Go Applications With SonarQube: Real-World Examples Take a deep dive into some vulnerabilities in Go applications and understand how SonarQube Cloud helps developers detect and mitigate them during the development cycle.

πŸ—’οΈβœοΈTaking a note on security: our latest blog post focuses on Go vulnerabilities, including Arbitrary File Write, XSS, and Misconfiguration. Showcasing our new support for the language in SonarQube Cloud!

www.sonarsource.com/blog/securin...

#appsec #security #vulnerability

07.08.2025 14:44 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Securing Kotlin Apps With SonarQube: Real-World Examples Explore how real-world vulnerabilities look in the Kotlin code of Android apps and see how SonarQube helps detect them.

πŸ“± Ever wondered what vulnerabilities look like in Android apps?

We have 2 real-world examples for you! From simple misconfig to cross-app data flow, learn how vulnerabilities manifest in the Kotlin code of Android apps:

www.sonarsource.com/blog/securin...

#appsec #security #vulnerability

16.07.2025 13:19 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (3/3) In the last blog of this series, we will focus back on FortiClient and learn how the inner workings of this application work, and what crucial mistake happened that led to us uncovering a local privil...

πŸ”“β« After compromising every endpoint within an organization, our β€œCaught in the FortiNet” blog series comes to an end with one more thing.
Read more about FortiClient's XPC mistake that allows local privilege escalation to root on macOS:

www.sonarsource.com/blog/caught-...

#appsec #security

08.07.2025 15:32 πŸ‘ 3 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0
Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (2/3) We recently discovered critical vulnerabilities in Fortinet’s endpoint protection solution that enable attackers to fully compromise organizations with minimal user interaction. In this second article...

πŸ“πŸ«·πŸš§Can't control the extension of a file upload, but you want an XSS?
Read more on how we overcame this obstacle to further exploit entire organizations using Fortinet endpoint protection:

www.sonarsource.com/blog/caught-...

#appsec #vulnerability #bugbountytips

01.07.2025 14:21 πŸ‘ 1 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (1/3) We recently discovered critical vulnerabilities in Fortinet’s endpoint protection solution that enable attackers to fully compromise organizations with minimal user interaction. In the first post of t...

πŸ•ΈοΈπŸ’Caught in the FortiNet: Exploiting Fortinet’s endpoint protection solution to compromise an entire organization using minimal user interaction.
Dive into our technical analysis of this interesting attack scenario:

www.sonarsource.com/blog/caught-...

#appsec #security #vulnerability

26.06.2025 14:14 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 1
Post image

Catch our second talk at #TROOPERS25:

πŸ•ΈοΈ Caught in the FortiNet: Compromising Organizations Using Endpoint Protection

Yaniv Nizry will tell you the story of multiple vulnerabilities in Fortinet products that can compromise an entire organization, starting with a single click

24.06.2025 08:31 πŸ‘ 4 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Title: Scriptless Attacks: Why CSS is My Favorite Programming Language Speaker: Paul Gerste, Vulnerability Researcher, Sonar Date: Wednesday, June 25, 2025 Time: 2:15 pm Location: Track 3

Title: Scriptless Attacks: Why CSS is My Favorite Programming Language Speaker: Paul Gerste, Vulnerability Researcher, Sonar Date: Wednesday, June 25, 2025 Time: 2:15 pm Location: Track 3

Coming to #TROOPERS25 this week? We'll be there too, presenting our research!

🎨 Scriptless Attacks: Why CSS is My Favorite Programming Language

@pspaul95.bsky.social will convince you why CSS should not be overlooked in client-side web attacks and what is possible without JavaScript today

23.06.2025 10:57 πŸ‘ 4 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0
Double Dash, Double Trouble: A Subtle SQL Injection Flaw Can a simple dash character introduce a security risk? Discover how SQL line comments can open the door to unexpected injection vulnerabilities in several PostgreSQL client libraries!

SQL Injection despite using prepared statements? 🧐

Turns out that SQL syntax can be ambiguous! Learn how this has led to vulnerabilities in several popular PostgreSQL client libraries:

www.sonarsource.com/blog/double-...

#appsec #security #vulnerability

10.06.2025 15:20 πŸ‘ 7 πŸ” 2 πŸ’¬ 0 πŸ“Œ 1
Scripting Outside the Box: API Client Security Risks (2/2) Continuing on API client security, we cover more sandbox bypasses, this time in Bruno and Hoppscotch, as well as JavaScript sandboxing best practices.

Scripting Outside the Box! πŸ“¦

Last week, we saw JS sandboxing pitfalls in API clients. Today, we continue with more complex sandbox escapes in Bruno and Hoppscotch.

Learn how they work and how to sandbox JS securely in part 2:

www.sonarsource.com/blog/scripti...

#appsec #security #vulnerability

20.05.2025 14:48 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Scripting Outside the Box: API Client Security Risks (1/2) Discover hidden risks in API testing tools like Postman and Insomnia. We dive into scripting vulnerabilities and explore JavaScript sandbox security pitfalls.

Ever wondered what's going on behind the scenes of your API client? πŸ•΅οΈβ€β™€οΈ

We dug in and found a variety of JS sandboxing pitfalls! Find out how Postman and Insomnia tried to isolate untrusted code and what challenges they faced:

www.sonarsource.com/blog/scripti...

#appsec #security #vulnerability

13.05.2025 15:09 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Data in Danger: Detecting Cross-Site Scripting in Grafana Learn how SonarQube detected a Cross-Site Scripting (XSS) vulnerability in Grafana, a popular open-source data observability platform.

πŸ“Šβš οΈ Data in danger!

We found an XSS vulnerability in Grafana with the help of SonarQube. Learn about the details in our latest blog post:

www.sonarsource.com/blog/data-in...

#appsec #security #vulnerability

24.04.2025 15:02 πŸ‘ 3 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0

πŸ¦˜πŸ›œ Our second part of the β€œDiving Into JumpServer” series is live:
Read more on how an attacker who bypassed authentication can execute code and fully compromise the JumpServer instance and internal hosts:

www.sonarsource.com/blog/diving-...

#appsec #security #vulnerability

25.03.2025 15:28 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 1
Diving Into JumpServer: Attacker’s Gateway to Internal Networks (1/2) Bastion host offers a centralized point of access and control to an internal network, but what happens when this gateway itself is compromised? In this blog series, we will dive into vulnerabilities w...

πŸ¦˜πŸ›œCompromising bastion host to gain full control over the internal infrastructure.
Read more about the vulnerabilities we uncovered in JumpServer in our recent blog post:

www.sonarsource.com/blog/diving-...

#appsec #security #vulnerability

20.03.2025 15:13 πŸ‘ 3 πŸ” 0 πŸ’¬ 0 πŸ“Œ 1