Blog
In our blog, we report on pentesting, red teaming, and the latest news from MindBytes.
We assign our articles to categories. This gives you a quick overview of all articles in a category when needed:
Pentesting & Red Teaming | CVEs | MindBytes – Update! | Vulnerabilities & where to find them
Our February in a nutshell: annual planning is underway.
In February, we jumped back into the pentesting and red teaming action with a range of projects. At the same time, our calendar keeps filling up, we’ll soon be getting new hoodies, and several events are in the works: 📍 secIT by heise18–19/03/2026 | Hanover 📍 NIS-2...
Our January was quieter in terms of projects than it has been in a long time.
But honestly: after a very intense Q4, it felt good. Time for further training.Time for internal tooling.Time for maintaining our ISMS. And in between: our first team meeting of the year. For the first time in an Airbnb. With a door leaf taken off its hinges to serve...
SMTP Injection in enaio® component AppConnector (CVE-2025-56425)
Affected Product: enaio® component AppConnector – Version 10.10.0.183 and earlier of enaio® 10.10, Version 11.0.0.183 and earlier of enaio® 11.0, Version 11.10.0.183 and earlier of enaio® 11.10 CVSS Score (v3.1): 7.7 (High) Assigned CVE: CVE-2025-56425 Recommendation:...
XML External Entity (XXE) Injection in e-invoice pro (CVE-2025-56424)
Affected Product: e-invoice pro by Insiders Technologies GmbH - Versions prior to Release 1 Service Pack 2 CVSS Rating (v3.1): 7.6 (High) Assigned CVE: CVE-2025-56424 Recommendation: Update to Release 1 Service Pack 2 or higher Credit: Simon Holl and Lucas Noki of...
Christmas Greetings
We already shared our annual review with you on LinkedIn at the beginning of December. And yet, there's already something new:Almost secretly and quietly, our website has received a little refresh – so feel free to stop by again. Otherwise, all that's left for us is...