We're a team of highly skilled IT security professionals dedicated to tackling the most diverse and complex problems in the industry.
With a holistic mindset, we provide a wide range of offensive and defensive IT security services. From hacking your website, company or IoT device, to implementing security features in your app, we help you drive positive change in your organization.
We looked at the internals of JavaScript/TypeScript's most popular utility libraries and found interesting issues. The post contains hacking challenges/live demos. We recommend checking it out if you work with the affected libraries.
A significant portion of Europe's renewable energy production can be remotely controlled via longwave radio. While this system is intended to stabilize the grid, it can also be abused to destabilize it by remotely toggling energy loads and power plants, or to create a massive art installation.
We leveraged indirect prompt injection to trick Auto-GPT (GPT-4) into executing arbitrary code when it is asked to perform a seemingly harmless task such as text summarization on a malicious website, and discovered vulnerabilities that allow escaping its sandboxed execution environment.
Or send an email to hi@positive.security