cy//ective

Lenovo released all patches for the #Lenovo #Vantage #vulnerabilities, which we've reported earlier this year. Our blog now includes the full write‑ups for CVE-2025-13154, CVE-2026-1715, CVE-2026-1716, and CVE-2026-1717. 🔗 cyllective.com/blog/posts/len…

No budget for an internal security team, but too complex for “we’ll just do it on the side”? 🔴Have you met cyAssist? ✅ Dedicated cybersecurity experts ✅ Fair‑play & flexible time management ✅ Scalable starting from 2h/month 👉cyllective.com/blog/posts/int…

Two great follow‑ups expanding on our CVE‑2025‑13154 write‑up: 🔹 Manuel Kiesel (@rtfmkiesel) - "Roll with Advantage" 👉 mkiesel.ch/posts/lenovo-v… 🔹 Compass Security (@compasssecurity) - "From Folder Deletion to Admin" 👉 blog.compass-security.com/2026/02/from-f…

First research in a while! Here's my brain dump on reverse-engineering and auditing Lenovo Vantage. In total, I found four (4) vulns. Check out the post and my custom tooling if you're interested. mkiesel.ch/posts/lenovo-v…

🚀 New blog post: How to Audit Plugin Ecosystems 🔧🔥 Our reusable 4‑step method helped us navigate 600+ Nextcloud/ownCloud plugins & find some vulns. cyllective.com/blog/posts/how… #CyberSecurity #AppSec #Nextcloud #ownCloud #infosec #pentest #SAST

The final stage would not have been possible without John Ostrowski from @compasssecurity thanks for the Swiss infosec collaboration! 🫕🤝

🚨 New blog post! Read about CVE-2025-13154, a privilege-escalation vulnerability in a Lenovo Vantage add-in called SmartPerformance. cyllective.com/blog/posts/len… #windows #cve #infosec #pentest

Our 2025 yearly recap is live 🚀 cyllective.com/blog/posts/yea… This year we promoted a former intern to a full time engineer and extended our physical presence with new offices. In parallel, we worked on many interesting internal projects and research. 🏢🔬💣 #infosec #pentesting

The first CVEs of 2025 are live! 🚨 We discovered ~10 vulnerabilities in Cordaware bestinformed, leading to 4 CVEs. They can be chained for an unauthenticated compromise of the server and all connected clients. 👾 CVE-2025-042{2..5} cyllective.com/blog/posts/cor… #blogpost #CVE #infosec

🚀 New from cyllective: 𝐎𝐀𝐮𝐭𝐡 𝐋𝐚𝐛𝐬 🔒 🔑 Master OAuth 2.0 with hands-on Docker-based labs: -JWT signature flaws -Open redirect risks -Claim validation issues 💻Devs & pentesters: sharpen your skills! 👉cyllective.com/blog/posts/oau… #OAuth #Cybersecurity #Training

👾🔥🎉 Vulnerabilities in Swiss tax apps uncovered by Manuel Kiesel (@rtfmkiesel) made it to mainstream media! Huge congrats and thanks, Manuel. 🤝🥷🏻🤓 📄 Read the 20min article: 20min.ch/story/cybersic… #Cybersecurity #ITSecurity #Switzerland #TaxSoftware #cyllective

👾 During his personal research @rtfmkiesel has discovered an XXE vulnerability in a Java library affecting tax applications used across 11 cantons in Switzerland. 💥🚀 mkiesel.ch/posts/swiss-ta… #CyberSecurity #PenTesting

Huge thanks to @riskydotbiz for mentioning the #ghmlwr project! 🎉 📰 news.risky.biz/risky-biz-news… 🔗 ghmlwr.0dave.ch - @_cydave #Infosec #GitHub #ThreatIntelligence

Creating a Malicious Atlassian Plugin 📦 In our latest post, we dive into the dark side of Atlassian plugins. Discover how we created a malicious plugin capable of hiding from admins, exfil. data, and even running a reverse shell. 🔍 cyllective.com/blog/posts/atl… #Atlassian #infosec

🚨 New Blog Alert! 🚨 We've found 53 zero-day vulnerabilities in Atlassian plugins! Discover how to safeguard your environment. Read more: cyllective.com/blog/posts/atl… #CyberSecurity #Atlassian #ZeroDay #Infosec #Cyberraum

🚀 Verstärkung gesucht! 🚀 Wir suchen eine Person, die uns im Backoffice unterstützt und eine Schlüsselrolle im Unternehmen übernimmt. 🤝 Bist du interessiert dich in einem KMU im Bereich Cybersicherheit zu verwirklichen? 🤖 👾 cyllective.com/de/jobs 👈 #Cyber #Hiring #Job

We are excited to have Cyllective as a Silver sponsor supporting the AREA41 conference - Thank you🥳 See you 6-7.June in Zürich @defconch @cyllective

🚨 New Blog Post! 🚨 🕸️ Discover our journey of identifying a critical stored XSS vulnerability in Collabora Online, CVE-2024-29182🐞💻 Our latest blog post provides an in-depth analysis of how @_cydave found the flaw. #web #cve #collabora ➡️ cyllective.com/blog/posts/cve…

#CyberSecurity #SwissTech #ForwardTogether

same procedure as every year 🙇 the hackbar.ch event in Bern, Bahnstrasse 44 - 27.-30.12.2023: streaming the CCC talks, lockpicking, hacking on CTFs and having fun 💖 for more details visit hackbar.ch 💻📡🛰️♾️🧑‍🔬🍹🎵🤖🌃🎩🌭💖🚀📟🔐✅