Positive Security
Holistic IT security research & consulting
Positive Security
Holistic IT security research & consulting
Quick -  Proper - Thorough
Our work is thorough - we are driven by curiosity to explore the whole picture.

Who we are

We're a team of highly skilled IT security professionals dedicated to tackling the most diverse and complex problems in the industry.

Learn More

What we do

With a holistic mindset, we provide a wide range of offensive and defensive IT security services. From hacking your website, company or IoT device, to implementing security features in your app, we help you drive positive change in your organization.

Learn More
Linux marketplaces vulnerable to RCE and supply chain attacks
June 22, 2021

We're disclosing patched vulnerabilities in KDE Discover and the Gnome Shell Extensions website, as well as unpatched vulnerabilities in the PlingStore app and Pling-based Linux marketplace websites (e.g. appimagehub.com, store.kde.org, gnome-look.org).

Send My: Arbitrary data transmission via Apple's Find My network
May 12, 2021

Apple AirTags: Arbitrary data can be uploaded from non-internet-connected devices by sending Find My BLE broadcasts to nearby Apple devices. We're releasing an ESP32 firmware that turns the microcontroller into an (upload only) modem, and a macOS application to retrieve, decode and display the uploaded data.

Allow arbitrary URLs, expect arbitrary code execution
April 15, 2021

Insecure URL handling leading to 1-click code execution vulnerabilities in Telegram, Nextcloud (CVE-2021-22879), VLC, LibreOffice (CVE-2021-25631), OpenOffice (CVE-2021-30245), Bitcoin/Dogecoin Wallets, Wireshark (CVE-2021-22191) and Mumble (CVE-2021-27229).

More posts

Contact Us

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Or send an email to hi@positive.security