Fedramp High - check JWICS is next !!

Check out our latest deep dive into the #Fortinet CVE-2025-32756, a classic buffer overflow! This is being exploited in the wild and was added to the CISA KEV catalog last week. horizon3.ai/attack-researc…

A new Rapid7 Analysis of CVE-2024-58136 was just published to AttackerKB, courtesy of Calum Hutton 🔥 Affecting the Yii framework, this analysis details the root cause and how it can be leveraged for RCE via a dirty file write to a log file: attackerkb.com/topics/U2Ddokj…

Our latest blog looks at CVE-2025-20188, an arbitrary file upload in #Cisco IOS XE Wireless Controllers due to a hardcoded credential. horizon3.ai/attack-researc…

Our blog is live! Here's our QNAP exploit from Pwn2Own Ireland ht3labs.com/2024-qnap-en.h…

We don’t talk about it much, but Robby Craig and I also tackle some hard problems on the software eng side too. We’ve built the post-exploitation and implant orchestration framework the last few years here. Take a look at some of that work James wrote up: horizon3.ai/attack-researc…

Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Checkout the details in the blogpost by Guillaume André and Wil. synacktiv.com/publications/n…

Today Rapid7 is disclosing 8 new printer vulnerabilities affecting 742 models across 4 vendors. After 13 months of coordinated disclosure with Brother Industries, Ltd, we're detailing all issues including a critical auth bypass. Full details here: rapid7.com/blog/post/mult…

CVE-2025-5777, aka #CitrixBleed 2, allows leaking of memory in the response which can allow for compromising session tokens, and other sensitive information. A deep-dive to follow next week.

Session keys and passwords aplenty, here’s our deep-dive for CVE-2025-5777, aka CitrixBleed 2. Apart from the normal root-cause analysis, we’ve doubled down on actionable steps to investigate Indicators of Compromise. horizon3.ai/attack-researc…

Whenever I audit C# code, I look for benign file operations such as File.Exists(), especially if there's a preceding Path.Combine(). Read about how we leaked NTLM hashes pre-authentication in DotNetNuke (CVE-2025-52488) due to a perfect storm of issues. slcyber.io/assetnote-secu…

courtesy of SinSinology 🫡

Another Falls! Fortinet PSIRT really needs to go out and touch grass ☠️

okay now that it's burned, dropping it: CVE-2025-25257: a Pre-Auth RCE in Fortinet's WAF product called FortiWeb. github.com/0xbigshaq/CVE-…

We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by Khoa Dinh to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to Markus Wulftange

We now have a (draft) Metasploit Project exploit module in the pull queue for the recent Microsoft SharePoint Server unauthenticated RCE zero-day (CVE-2025-53770), based on the in-the-wild exploit published a few days ago. Check it out here: github.com/rapid7/metaspl…

Stack overflows, heap overflows, and existential dread - it must be an SSLVPN. labs.watchtowr.com/stack-overflow…

The Searchlight Cyber research team is releasing our final research post for our Christmas in July efforts, two RCEs and one XXE (all pre-auth) in Adobe Experience Manager Forms. One of the RCEs and the XXE still do not have official patches: slcyber.io/assetnote-secu…