Codean

https://t.co/W7392Pd2fH

We took a good look into GNOME and general Linux desktop security. Our first findings are now public, including a full Flatpak sandbox escape. More coming soon :) https://t.co/nCjXMBNGa8

Two of our Codean Labs colleagues evaluated OpenPGP.js and identified a signature spoofing vulnerability. Writeup includes a PoC where we demonstrate the vulnerability by spoofing a message by the Dutch government's Cyber Security Center! https://t.co/lkHRUU1sZc

It's been four years already! Here’s to four more years of making the world more secure! https://t.co/ugcIZ66vPn

At Codean Labs, our mission is to make the world more secure — and what better way than to secure fundamental open source projects? We identified CVE-2025-47934, a critical vulnerability in OpenPGP.js to spoof signatures, see https://t.co/qnxUn5nklf https://t.co/qnxUn5nklf

We discovered CVE-2024-12425 & CVE-2024-12426 which allow attackers to write files & extract sensitive data. Check our blog post for the impact & how to protect yourself. https://t.co/kkdoVhqixf

We spent a lot of effort on improving the security of Ghostscript and this is our third and final blog post about everything we found. Enjoy the read! https://t.co/QzWDSdcII0

We found a vulnerability in Mozilla’s PDF.js (CVE-2024-4367 and CVE-2024-34342 via react-pdf) resulting in arbitrary JavaScript execution when opening a malicious PDF. This results in XSS on many web- and even desktop apps. Blog post coming soon! https://t.co/RPIwHRZWT6

Our Capture The Flag events are designed around the accessibility to the source code of all vulnerable targets. What's even more fun is that the whole CTF is played from within Codean! I guess we should host another public CTF sometime soon™! https://t.co/x5zmqhDucZ

We are looking for design partners! "Yeah, yeah, yeah... just another sales tactic." Well yes, you are not wrong, we obviously do need to make money. That said, we believe we can create a win, win, win! Sounds interesting? Let us know! https://t.co/WuSXrgOLBY