In Part 1 of this series, we explored how authentication flaws and logic errors can compromise Web3 platforms – from brute-force attacks bypassing two-factor authentication to IDOR vulnerabilities that lock users out of their own funds. Those vulnerabilities were dangerous, but they required some level of exploitation skill and understanding of API manipulation. What we’re...
After a year of pen-testing Web3 applications at Securze, we’ve seen patterns that most security discussions miss. While everyone focuses on smart contract vulnerabilities and consensus attacks, some of the most critical issues we’ve uncovered exist in places developers don’t expect. Throughout 2025, our team has assessed security across the Web3 ecosystem: crypto wallets managing...
Cybersecurity is no longer a nice-to-have. It’s survival. Every day, organisations are under siege — ransomware, insider threats, zero-days, phishing campaigns, and state-sponsored attacks are not just headlines, they’re business realities. At Securze, we’ve always believed in one thing: defense should be relentless, intelligent, and uncompromising. That’s why we are proud to join forces with...
In a recent security incident, DeepSeek, the new Chinese AI startup, suffered a significant data breach due to an unsecured ClickHouse database. This breach exposed over a million log entries, including sensitive information such as chat logs, API keys, backend service details, and operational metadata. Technical Walkthrough: Cause of the Breach The root cause of...
OAuth (Open Authorization) is a widely adopted authorization framework that allows applications to grant limited access to their resources without exposing user credentials. OAuth allows users to authenticate third-party applications without sharing passwords, instead using tokens to authorize access to protected resources. While OAuth is a powerful and flexible authorization protocol, improper implementation can lead...
Security Assertion Markup Language (SAML) is an XML-based framework for transmitting authentication and authorization data between an identity provider (IdP) and a service provider (SP). It’s widely used in Single Sign-On (SSO) implementations, allowing users to authenticate once and access multiple applications without repeatedly entering credentials. In this blog, we’ll explore the fundamentals of SAML,...
Windows privilege escalation is a critical area of concern for system administrators and cybersecurity professionals. If an attacker gains access to a low-privileged account, the ultimate goal is to escalate privileges to higher levels, often aiming for SYSTEM or Administrator privileges. In this blog, we will cover the fundamentals of Windows privilege escalation, the different...
In the face of increasing cyber threats and the criticality of robust IT systems for the financial ecosystem, the Securities and Exchange Board of India (SEBI) has introduced the Cybersecurity and Cyber Resilience Framework (CSCRF). This initiative is a leap forward in ensuring that SEBI-regulated entities (REs) are fortified against cybersecurity risks, aligning them with...
Linux is a powerful and flexible operating system, widely used in servers, desktops, and embedded devices. Due to its open-source nature, it has become a prime target for attackers looking to gain unauthorized access to privileged system functions. One of the critical objectives for any attacker who has compromised a system is to escalate privileges,...
In the digital age, personal data has become a valuable asset, leading to increased concerns about privacy and data security. Recognizing the need to protect individuals’ digital personal data, the Government of India enacted the Digital Personal Data Protection Act, 2023 (DPDP Act) on August 11, 2023. This legislation aims to balance the rights of...