Thomas Rinsma

@thomas.rins.ma

Th0mas.nl | lead security analyst @ codean.io

26 Followers  |  62 Following  |  2 Posts  |  Joined: 20.06.2023  |  1.2964

Latest posts by thomas.rins.ma on Bluesky

CVE-2025-47934 - Spoofing OpenPGP.js signature verification — Codean Labs CVE-2025-47934 allows attackers to spoof arbitrary signatures and encrypted emails that appear as valid in OpenPGP.js. The only requirement is access to a single valid signed message from the target a...

Here's the write-up for CVE-2025-47934, a logic bug we found in OpenPGP.js which allowed for signature spoofing. The PoC is included at the end, where we demonstrate by spoofing a message by the Dutch government's Cyber Security Center ;)

codeanlabs.com/blog/researc...

10.06.2025 10:16 — 👍 1    🔁 0    💬 0    📌 0

Exploiting LibreOffice (CVE-2024-12425 and CVE-2024-12426) — Codean Labs Attackers can write semi-arbitrary files in the filesystem, and remotely extract values from environment variables and from INI-like files in the filesystem via two vulnerabilities in LibreOffice. Bot...

Just published the write-up of two bugs I found in LibreOffice, allowing remote exfiltration of file/env data and a semi-arbitrary file write. Also relevant for document conversion/preview use cases :)

codeanlabs.com/blog/general...

13.02.2025 07:56 — 👍 1    🔁 0    💬 0    📌 0

Top 10 web hacking techniques of 2024 Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2024! portswigger.net/research/top...

04.02.2025 15:02 — 👍 66    🔁 36    💬 2    📌 5

I will always play a Tetris game if I see it. Even if it's in a PDF (?!?!?! 🤯) th0mas.nl/downloads/pd...

by @thomas.rins.ma

10.01.2025 19:18 — 👍 2    🔁 2    💬 0    📌 2
