How NodeZero Enhances Cybersecurity

IT and cybersecurity team from a U.S.-based management consulting organization improve their penetration testing with NodeZero by Horizon3.ai

When the Desert Research Institute (DRI) of Reno, NV, a higher education organization focusing on applied environmental research, needed a way to run penetration testing and vulnerability scanning at an affordable cost, they found NodeZero.

On 22 January, Ivanti published an advisory stating that they discovered two new, high-severity vulnerabilities (CVE-2024-21888 and CVE-2024-21893) after researching previously reported vulnerabilities affecting Ivanti Connect Secure, Ivanti Policy Secure and ZTA...

“Who cares that the intern was phished during our phishing campaign? It’s an intern, they don’t have access to anything important.”

On 24 January 2024, the Jenkins team issued a security advisory disclosing a critical vulnerability that affects the Jenkins CI/CD tool. Jenkins is a Java-based open-source automation server run by over 1 million users that helps developers build, test and deploy...

Active Directory Analytics Solution Enables Domain Compromise

Early in 2023, soon after reproducing a remote code execution vulnerability for the Fortinet FortiNAC, I was on the hunt for a set of new research targets. Fortinet seemed like a decent place to start given the variety of lesser-known security appliances I had noticed...

NextChat a.k.a ChatGPT-Next-Web, a popular Gen AI ChatBot, is vulnerable to a critical server-side request forgery (SSRF) vulnerability.

Business Wire 10/26/2023 Horizon3.ai, a leading provider of autonomous security solutions, today announced the findings from a commissioned study, “The Total Economic ImpactTM of the NodeZero Platform, October 2023,” performed by Forrester Consulting...... Read the...

Business Wire 10/05/2023 Horizon3.ai, a leading provider of autonomous security solutions, today announced that its NodeZero™ autonomous pentesting solution has been named winner of the CyberSecurity Breakthrough Award and Security Today’s New Products of the Year...

Business Wire 09/06/2023 Foresite today announced a new partnership with Horizon3.ai to integrate its NodeZero™ autonomous penetration testing technology with Foresite’s ProVision platform to deliver Managed Cyber Testing with Attacker’s View to Foresite partners and...

IT and cybersecurity team from a U.S.-based management consulting organization improve their penetration testing with NodeZero by Horizon3.ai

“Who cares that the intern was phished during our phishing campaign? It’s an intern, they don’t have access to anything important.”

Active Directory Analytics Solution Enables Domain Compromise

NextChat a.k.a ChatGPT-Next-Web, a popular Gen AI ChatBot, is vulnerable to a critical server-side request forgery (SSRF) vulnerability.

On 22 January, Fortra issued an advisory stating that versions of its GoAnywhere Managed File Transfer (MFT) product suffer from an authentication bypass vulnerability.

On 16 January, Atlassian released a security advisory concerning CVE-2023-22527 that affects vulnerable out-of-date versions of Confluence Data Center and Server.

On January 22, 2024 Fortra posted a security advisory for their GoAnywhere MFT product. This advisory details an authentication bypass vulnerability, CVE-2024-0204, that allows an unauthenticated attacker to create an administrative user for the application. Customers were made aware of the issue by an internal security advisory post and patch made available on December 4, 2023, in which researchers malcolm0x...

Two recent Ivanti CVEs are being actively exploited by suspected nation-state threat actors.

Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability, CVE-2023-43208. If you’re a user of Mirth Connect, you’ll want to upgrade to the latest patch release, 4.4.1, as of this writing.

Introduction Back in Aug. 2023 we released an advisory for CVE-2023-39143, a critical vulnerability that affects Windows installs of the PaperCut NG/MF print management software. Attackers can exploit this vulnerability to download and delete arbitrary files, and in certain common configurations upload files, leading to remote code execution. This vulnerability was patched in PaperCut version 22.1.3 in July 2023. This...

Security Strategies

Industry Insights

Attack Research

Attack Content

Security Strategies

Industry Insights

Attack Research

Attack Content

Research Blog

Filters