Articles by Lucas Laise

Three vulnerabilities in Avira Internet Security, from an arbitrary file delete primitive to two distinct paths to SYSTEM privileges.

Agentic AI gives LLMs the power to act: query databases, call APIs or access files. But when your tools blindly trust the LLM, you've created a confused deputy. Here's a practical and comprehensive approach to understanding and identifying this critical authorization flaw.

Exploitation of the K7 antivirus (CVE-2025-67826), from the vulnerability discovery to the retro-analysis of its key components.