Attack Research

NodeZero® autonomously solved Hack The Box Retro in just 11 minutes, chaining SMB guest access and weak credentials into an ADCS privilege escalation. This demonstration highlights how autonomous pentesting uncovers exploit chains and validates real attack paths, proving Horizon3.ai’s commitment to evidence-based, attacker-validated security.

Attackers turn native Active Directory features into a low-noise, high-impact playbook: stealthy enumeration, Kerberoasting, and AS-REP roasting can produce crackable credentials and clear paths to domain admin in minutes. This post walks through the first 15 minutes of an AD intrusion, why traditional SIEM/EDR struggles to detect it, and what defenders must catch early to…

Examining a Critical Vulnerability in Xerox FreeFlow Core

Background and Confusion On June 17, 2025, Citrix published an advisory detailing CVE-2025-5777 and CVE-2025-5349. Affected products include: On June 25, 2025, they also published an advisory detailing CVE-2025-6543. Affected products include: Of the three vulnerabilities, two of them have been receiving a bit of buzz: While we’ve developed a working exploit for one of…

Learn how Horizon3.ai uncovered CVE-2025-34508 in ZendTo, allowing attackers to access sensitive files through a path traversal flaw.

Discover how NodeZero's autonomous RAT operates, why credentials dominate post-exploitation, and what it means for your cyber defense.

Explore how a hard-coded JWT in Cisco IOS XE WLC enables unauthenticated file upload and potential RCE—and how to mitigate it.

Analyze CVE-2025-32756, a Fortinet buffer overflow flaw under active attack, and see how NodeZero can validate exposure now.

Slack's popularity creates data exfiltration risks. Autonomous pentesting finds hidden vulnerabilities.

CVE-2025-3248 is a critical code injection vulnerability affecting Langflow, a popular tool used for building out agentic AI workflows. This vulnerability is easily exploitable and enables unauthenticated remote attackers to fully compromise Langflow servers. The issue is patched in Langflow 1.3.0.