Session keys and passwords aplenty, here’s our deep-dive for CVE-2025-5777, aka CitrixBleed 2. Apart from the normal root-cause analysis, we’ve doubled down on actionable steps to investigate Indicators of Compromise. horizon3.ai/attack-researc…

Here is a really cool blog post by wasamasa whos is a past student of our FSWA class: emacsninja.com/posts/cve-2025…. You can find them on Mastodon: lonely.town/@wasamasa/

Our latest disclosures for CVE-2025-8355 and CVE-2025-8356 - discovering a critical RCE in Xerox FreeFlow Core horizon3.ai/attack-researc…

🛜 What happens when the convenience of network-edge NAS devices goes terribly wrong? Read on via 'DisguiseDelimit', Ryan Emmons' main-stage #DEFCON33 talk-turned-whitepaper on his discovery of a critical Synology NAS vulnerability: r-7.co/4lvMm4q

[ZDI-25-799|CVE-2025-8651] (0Day) (Pwn2Own) Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability (CVSS 6.8; Credit: Evan Grant) zerodayinitiative.com/advisories/ZDI…

📢Presentations📢 We are thrilled to announce that the presentations from #BsidesDublin2025 have now been uploaded to bsidesdub.ie/past/2025.php Thank you again to all our speakers

The story of how I almost pwned the Lexmark Postscript stack for Pwn2Own 2025... And I would have gotten away with it too, if it hadn't been for those meddling firmware updates! boredpentester.com/pwn2own-2025-p…

We have another collision. Evan Grant (evan) used a single bug to exploit the QNAP TS-453E, but, unfortunately, it had been used earlier in the contest. He still earns $10,000 and 2 Master of Pwn points. #Pwn2Own

📢Video Upload📢 Happy to announce that #BsidesDublin2025 talk recordings are now live on our YouTube youtube.com/@securitybside…

We just published our AttackerKB Rapid7 analysis of CVE-2025-12480. Disclosed yesterday, but patch back in July, its an access control bypass affecting not only Gladinet Triofox, but as we show, also Gladinet CentreStack. Analysis & RCE details here: attackerkb.com/topics/5C4wRy6…

MediaTek? More like Media-REKT! blog.coffinsec.com/0days/2025/12/…

Today we are disclosing the details of CVE-2025-64155, an unauth argument injection leading to root remote code execution affecting the Fortinet FortiSIEM. Find the technical details, indicators of compromise, and proof-of-concept exploit in the blog. horizon3.ai/attack-researc…

Collision! evan targeted the Grizzl-E Smart 40A with the Charging Connector Protocol/Signal Manipulation add-on, hitting two bug collisions, still earning $15,000 USD and 3 Master of Pwn points. #Pwn2Own #P2OAuto

Today we are disclosing the details of CVE-2025-40551, an unauth deserialization vuln leading to remote code execution affecting SolarWinds WebHelpDesk. Find the technical details, indicators of compromise, and proof-of-concept exploit in the blog. horizon3.ai/attack-researc…

Someone knows Bash disgustingly well, and we love it. Here's our analysis of the Ivanti EPMM Pre-Auth RCE vulnerabilities - CVE-2026-1281 & CVE-2026-1340. This research fuels our technology, enabling our clients to accurately determine their exposure. labs.watchtowr.com/someone-knows-…

🪲 Registration is Open NOW! (REcon) recon.cx/2026/en/traini…

We just published our Rapid7 analysis of CVE-2026-1731, a critical command injection affecting BeyondTrust Privileged Remote Access (PRA) & Remote Support (RS). Unauthenticated RCE, with a root cause due to Bash arithmetic evaluation. Analysis/PoC here: attackerkb.com/topics/jNMBccs…

Today we are disclosing CVE-2026-2329, a critical unauthenticated stack-based buffer overflow vulnerability affecting the Grandstream GXP1600 series of VoIP phones. Check out our disclosure over on the Rapid7 blog, including technical details for unauthenticated RCE, and