Thomas Rinsma
@thomas.rins.ma
Th0mas.nl | lead security analyst @ codean.io
Here's the write-up for CVE-2025-47934, a logic bug we found in OpenPGP.js which allowed for signature spoofing. The PoC is included at the end, where we demonstrate by spoofing a message by the Dutch government's Cyber Security Center ;)

codeanlabs.com/blog/researc...
CVE-2025-47934 - Spoofing OpenPGP.js signature verification — Codean Labs
CVE-2025-47934 allows attackers to spoof arbitrary signatures and encrypted emails that appear as valid in OpenPGP.js. The only requirement is access to a single valid signed message from the target a...
codeanlabs.com
June 10, 2025 at 10:16 AM
Just published the write-up of two bugs I found in LibreOffice, allowing remote exfiltration of file/env data and a semi-arbitrary file write. Also relevant for document conversion/preview use cases :)

codeanlabs.com/blog/general...
Exploiting LibreOffice (CVE-2024-12425 and CVE-2024-12426) — Codean Labs
Attackers can write semi-arbitrary files in the filesystem, and remotely extract values from environment variables and from INI-like files in the filesystem via two vulnerabilities in LibreOffice. Bot...
codeanlabs.com
February 13, 2025 at 7:56 AM
Reposted by Thomas Rinsma
The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2024! portswigger.net/research/top...
Top 10 web hacking techniques of 2024
Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year
portswigger.net
February 4, 2025 at 3:02 PM
Reposted by Thomas Rinsma
I will always play a Tetris game if I see it. Even if it's in a PDF (?!?!?! 🤯) th0mas.nl/downloads/pd...

by @thomas.rins.ma
th0mas.nl
January 10, 2025 at 7:18 PM