The Ghost in the Tenant: Chaining SVG UI Redressing and Persistent Authorization for Stealth Account Takeover
5 February 2026 · 4 mins
Security Research, SVG Injection, Broken Access Control, Account Takeover, UI Redressing, Web Security

Breaking the Paywall: How a 'Lazy' Search Implementation Compromised a Paywall
23 March 2025 · 5 mins
Security Research, Broken Access Control, Business Logic, Web Security, Red Teaming, Brute Force

The 1-Shekel Ticket: Broken Access Control, Mass PII Exposure, and Price Manipulation in a Concert Ticketing Platform
17 September 2024 · 4 mins
Security Research, IDOR, Broken Access Control, Business Logic, PII Exposure, Web Security