we spent some time looking for 0days in yet another SSLVPN device - SonicWall's NSv! Follow along on the journey with the watchTowr Labs team... 🚀 #sonicwall #vulnresearch #attacksurfacemanagement labs.watchtowr.com/ghost-in-the-w…

Wrote a pretty extensive writeup for newdiary which I helped solve a few weeks ago at 0CTF If you haven't done any CSS injection before, this should be useful --- this was my first time implementing it from scratch so this should be newbie friendly! waituck.sg/2023/12/11/0ct…

🚀 We have reproduced both in-the-wild exploited Ivanti zero-days (CVE-2023-46805 & CVE-2024-21887) 🥷 We've released some of our research in this blogpost - but rest assured, full exploit chain details are heavily redacted (for now) 🙂 labs.watchtowr.com/welcome-to-202…

watchTowr is expanding globally! Owen and Jake have joined our Europe Labs team, based in the UK, and are visiting the Singapore team this week! 🚀🚀🚀🚀🚀🚀🚀🚀🚀🚀

we're back, cooking up a storm 👩‍🍳 👨‍🍳 🍳 Form Tools Remote Code Execution: We Need To Talk About PHP labs.watchtowr.com/form-tools-we-… #attacksurfacemanagement #vulnresearch #watchtowr

whew finally got the CVE-2024-3400 blog post up! I'm actually still editing it but it should be good for those who are asking for info for threat hunting/etc! labs.watchtowr.com/palo-alto-putt…

we're hiring globally, on our crusade to hack the planet watchtowr.bamboohr.com/careers

it's not Friday, but it's def Nday - ha ha ha 🫠 Check Point's very friendly 'info disclosure' needed a little bit of attention, and thus we've flung our analysis onto the Internet for CVE-2024-24919 - enjoy! labs.watchtowr.com/check-point-wr…

I'm really excited for the next 18 months of watchTowr's growth, and I'll be able to share more in the coming weeks. That being said - I continue my desire to work with people smarter than me. If you want to work with a clever team, please reach out - I can connect you.

In August, watchTowr Labs hijacked parts of the global .mobi TLD - and went on to discover the mayhem that we could cause. Enjoy.... labs.watchtowr.com/we-spent-20-to…

have you been using webshells recently? we've been watching you hack govts and more. join us on our latest ill-advised adventure... until next time.. :-) labs.watchtowr.com/more-governmen…

Do Secure-By-Design pledges come with stickers? Join watchTowr Labs again, for a walkthrough of Ivanti's CVE-2025-0282 - the pre-auth RCE in their Connect Secure appliance. The timer has begun on our Detection Artefact Generator..... labs.watchtowr.com/do-secure-by-d…

We'll just leave this here...

happy Monday! We've released our analysis and Detection Artifact Generator for Fortinet's CVE-2024-55591... labs.watchtowr.com/get-fortirekt-…

8 million requests, $400 later - we’re back. 🚀 We have demonstrated supply chain attacks that could have allowed us to trivially compromise critical infra. networks, including .gov, .mil, and more. This is real Attack Surface Management. labs.watchtowr.com/8-million-requ…

The industry is ablaze w speculation around yesterday's publicly disclosed Veeam Software Backup & Replication RCE vulnerabilities (CVE-2025-23120). We reported these vulnerabilities to Veeam in early February, tracked as WT-2025-0014 and WT-2025-0015. labs.watchtowr.com/by-executive-o…