Attack Research

SEARCH

CATEGORIES

TAGS

    From Support Ticket to Zero Day

    August 13, 2025
    Examining a Critical Vulnerability in Xerox FreeFlow Core

    CVE-2025-5777: CitrixBleed 2 Write-Up… Maybe?

    July 7, 2025
    Background and Confusion On June 17, 2025, Citrix published an advisory detailing CVE-2025-5777 and CVE-2025-5349. Affected products include: On June 25, 2025, they also published an advisory detailing CVE-2025-6543. Affected products include: Of the three vulnerabilities, two of them have been receiving a bit of buzz: While we’ve developed a working exploit for one of…

    CVE-2025-34508: Another File Sharing Application, Another Path Traversal

    June 17, 2025
    Learn how Horizon3.ai uncovered CVE-2025-34508 in ZendTo, allowing attackers to access sensitive files through a path traversal flaw.

    What 7,000+ NodeZero RAT Attempts Show Us About Cyber Security

    June 9, 2025
    Discover how NodeZero's autonomous RAT operates, why credentials dominate post-exploitation, and what it means for your cyber defense.

    Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis

    May 29, 2025
    Explore how a hard-coded JWT in Cisco IOS XE WLC enables unauthenticated file upload and potential RCE—and how to mitigate it.

    CVE-2025-32756: Low-Rise Jeans are Back and so are Buffer Overflows

    May 22, 2025
    Analyze CVE-2025-32756, a Fortinet buffer overflow flaw under active attack, and see how NodeZero can validate exposure now.

    How Hackers Weaponize Slack: Lessons From Real Slack Dump Attacks

    Slack's popularity creates data exfiltration risks. Autonomous pentesting finds hidden vulnerabilities.

    Unsafe at Any Speed: Abusing Python Exec for Unauth RCE in Langflow AI

    April 9, 2025
    CVE-2025-3248 is a critical code injection vulnerability affecting Langflow, a popular tool used for building out agentic AI workflows. This vulnerability is easily exploitable and enables unauthenticated remote attackers to fully compromise Langflow servers. The issue is patched in Langflow 1.3.0.

    CrushFTP Authentication Bypass: Indicators of Compromise

    March 27, 2025
    CrushFTP auth bypass (CVE-2025-2825) could grant attackers admin access. Learn IoCs & test exposure with NodeZero. Patch now!

    Critical or Clickbait: GitHub Actions and Apache Tomcat RCE Vulnerabilities 2025

    March 21, 2025
    Explore CVE-2025-30066 and CVE-2025-24813 with real-world data from Horizon3.ai to assess whether these vulnerabilities are truly critical or overhyped.