cy//ective
@cyllective.bsky.social
IT Security Services
https://cyllective.com
Lenovo released all patches for the #Lenovo #Vantage #vulnerabilities, which we've reported earlier this year. Our blog now includes the full write-ups for CVE-2025-13154, CVE-2026-1715, CVE-2026-1716, and CVE-2026-1717.
cyllective.com/blog/posts/l...
Vulnerabilities in Lenovo Vantage
A write-up of CVE-2025-13154, CVE-2026-1715, CVE-2026-1716, and CVE-2026-1717
https://cyllective.com/blog/posts/lenovo-vantage/
1 day ago
No budget for an internal security team, but too complex for "we'll just do it on the side"? Have you met cyAssist?
- Dedicated cybersecurity experts
- Fair-play & flexible time mgmt
- Scalable starting from 2h/month
Security without the overhead
cyllective.com/blog/posts/i...
cyAssist - Cybersecurity Without the Overhead
We provide the continuous support you need to build a genuine security culture and baseline maturity.
https://cyllective.com/blog/posts/introducing-cyassist
15 days ago
Two great follow-ups expanding on our CVE-2025-13154 write-up:
- Manuel Kiesel (@rtfmkiesel.bsky.social) - "Roll with Advantage": mkiesel.ch/posts/lenovo...
- Compass Security (@compass-security.com) - "From Folder Deletion to Admin": blog.compass-security.com/2026/02/from...
27 days ago
reposted by
cy//ective
Manu
about 1 month ago
First research in a while! Here's my brain dump on reverse-engineering and auditing Lenovo Vantage. In total, I found four (4) vulns. Check out the post and my custom tooling if you're interested.
mkiesel.ch/posts/lenovo...
roll with advantage: hacking lenovo vantage | mkiesel.ch
A technical deep dive into the lands of Lenovo Vantage and its add-ins, including tooling to help you hunt for vulnerabilities
https://mkiesel.ch/posts/lenovo-vantage/
New blog post: How to Audit Plugin Ecosystems. Our reusable 4-step method helped us navigate 600+ Nextcloud/ownCloud plugins & find some vulns.
cyllective.com/blog/posts/h...
#CyberSecurity #AppSec #Nextcloud #ownCloud #infosec #pentest #SAST
How To Audit Plugin Ecosystems
How we audit plugin ecosystems, using (Nextcloud|ownCloud) as an example
https://cyllective.com/blog/posts/how-to-audit-plugin-ecosystems
about 1 month ago
New blog post! Read about CVE-2025-13154, a privilege-escalation vulnerability in a Lenovo Vantage add-in called SmartPerformance.
cyllective.com/blog/posts/l...
#windows #cve #infosec #pentest
Lenovo Vantage LPE/EoP (CVE-2025-13154)
A write-up of CVE-2025-13154, a privilege escalation vulnerability in Lenovo Vantage.
https://cyllective.com/blog/posts/lenovo-vantage
about 2 months ago
The first CVEs of 2025 are live! We discovered ~10 vulnerabilities in Cordaware bestinformed, leading to 4 CVEs. They can be chained for an unauthenticated compromise of the server and all connected clients. CVE-2025-042{2..5}
cyllective.com/blog/posts/c...
#blogpost #cybersecurity #CVE #infosec
Vulnerabilities in Cordaware bestinformed
A write-up of CVE-2025-0422, CVE-2025-0423, CVE-2025-0424, and CVE-2025-0425
https://cyllective.com/blog/posts/cordaware-bestinformed/
about 1 year ago
New from cyllective: OAuth Labs
Master OAuth 2.0 with hands-on Docker-based labs:
- JWT signature flaws
- Open redirect risks
- Claim validation issues
Devs & pentesters: sharpen your skills!
cyllective.com/blog/posts/o...
#OAuth #Cybersecurity #Training #InfoSec #Security
OAuth Labs: OAuth 2.0 Vulnerabilities
Introducing our latest project: the OAuth Labs. A hands-on approach to OAuth 2.0 vulnerabilities
https://cyllective.com/blog/posts/oauth-labs
over 1 year ago