CVE-2024-29847, affecting #Ivanti EPM, allows remote unauthenticated attackers to execute arbitrary commands as SYSTEM. Check out our latest deep-dive: horizon3.ai/attack-researc… Credit to SinSinology for the initial discovery.

In our latest post, we investigate the recent #CISA #KEV for CVE-2024-8190: a command injection vulnerability affecting #Ivanti Cloud Service Appliance. horizon3.ai/attack-researc…

Today, we are disclosing the details of CVE-2024-28987, a hardcoded cred vuln affecting #SolarWinds Web Help Desk. It allows attackers to read all help desk tickets, often containing sensitive IT procedures: 🔹User onboarding 🔹Password resets 🔹Shared resource creds

Our latest post detailing compromising the #PaloAlto #Expedition. While investigating CVE-2024-5910, we discovered and reported 3 additional vulnerabilities allowing an attacker to obtain RCE and leak integration credentials across the ecosystem. horizon3.ai/attack-researc…

We disclosed a few vulns last week affecting SimpleHelp's remote support software: ♦️ CVE-2024-57726: Priv esc to admin ♦️ CVE-2024-57727: Unauth arbitrary file download ♦️ CVE-2024-57728: Admin RCE via arbitrary file upload Together these vulns could enable an attacker with

Today, we are disclosing the details of 4 vulns effecting #Ivanti #EPM which allow an unauth attacker to coerce the machine credential of the EPM server to be used in relay attacks. horizon3.ai/attack-researc… Depending on the environment, compromising the EPM server may be

Our Indicators of Compromise blog post for CVE-2025-2825, an authentication bypass affecting #CrushFTP. horizon3.ai/attack-researc…

We discovered an interesting code injection vulnerability, CVE-2025-3248, affecting #Langflow, a popular agentic AI workflow tool. This enables unauthenticated attackers to fully compromise Langflow servers. horizon3.ai/attack-researc…

Just finished reproducing CVE-2025-32433 and putting together a quick PoC exploit — surprisingly easy. Wouldn’t be shocked if public PoCs start dropping soon. If you’re tracking this, now’s the time to take action. #Erlang #SSH

Check out our latest deep dive into the #Fortinet CVE-2025-32756, a classic buffer overflow! This is being exploited in the wild and was added to the CISA KEV catalog last week. horizon3.ai/attack-researc…

Our latest blog looks at CVE-2025-20188, an arbitrary file upload in #Cisco IOS XE Wireless Controllers due to a hardcoded credential. horizon3.ai/attack-researc…

Checkout our new deep dive on CVE-2025-34508 -- a path traversal vulnerability in #ZendTo. horizon3.ai/attack-researc…

Session keys and passwords aplenty, here’s our deep-dive for CVE-2025-5777, aka CitrixBleed 2. Apart from the normal root-cause analysis, we’ve doubled down on actionable steps to investigate Indicators of Compromise. horizon3.ai/attack-researc…

Our latest disclosures for CVE-2025-8355 and CVE-2025-8356 - discovering a critical RCE in Xerox FreeFlow Core horizon3.ai/attack-researc…

horizon3.ai/attack-researc… While investigating prior CISA KEVs effecting N-able N-central, we discovered a series of vulns that would allow an unauth attacker to leak files via XXE, and in most cases, compromise the N-central database. The DB contains AD creds, API keys, SSH keys,