Attack Research
SEARCH
CATEGORIES
TAGS
From Support Ticket to Zero Day
August 13, 2025
Examining a Critical Vulnerability in Xerox FreeFlow Core
CVE-2025-5777: CitrixBleed 2 Write-Up… Maybe?
July 7, 2025
Background and Confusion On June 17, 2025, Citrix published an advisory detailing CVE-2025-5777 and CVE-2025-5349. Affected products include: On June 25, 2025, they also published an advisory detailing CVE-2025-6543. Affected products include: Of the three vulnerabilities, two of them have been receiving a bit of buzz: While we’ve developed a working exploit for one of…
CVE-2025-34508: Another File Sharing Application, Another Path Traversal
June 17, 2025
Learn how Horizon3.ai uncovered CVE-2025-34508 in ZendTo, allowing attackers to access sensitive files through a path traversal flaw.
What 7,000+ NodeZero RAT Attempts Show Us About Cyber Security
June 9, 2025
Discover how NodeZero's autonomous RAT operates, why credentials dominate post-exploitation, and what it means for your cyber defense.
Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis
May 29, 2025
Explore how a hard-coded JWT in Cisco IOS XE WLC enables unauthenticated file upload and potential RCE—and how to mitigate it.
CVE-2025-32756: Low-Rise Jeans are Back and so are Buffer Overflows
May 22, 2025
Analyze CVE-2025-32756, a Fortinet buffer overflow flaw under active attack, and see how NodeZero can validate exposure now.
How Hackers Weaponize Slack: Lessons From Real Slack Dump Attacks
Slack's popularity creates data exfiltration risks. Autonomous pentesting finds hidden vulnerabilities.
Unsafe at Any Speed: Abusing Python Exec for Unauth RCE in Langflow AI
April 9, 2025
CVE-2025-3248 is a critical code injection vulnerability affecting Langflow, a popular tool used for building out agentic AI workflows. This vulnerability is easily exploitable and enables unauthenticated remote attackers to fully compromise Langflow servers. The issue is patched in Langflow 1.3.0.
CrushFTP Authentication Bypass: Indicators of Compromise
March 27, 2025
CrushFTP auth bypass (CVE-2025-2825) could grant attackers admin access. Learn IoCs & test exposure with NodeZero. Patch now!
Critical or Clickbait: GitHub Actions and Apache Tomcat RCE Vulnerabilities 2025
March 21, 2025
Explore CVE-2025-30066 and CVE-2025-24813 with real-world data from Horizon3.ai to assess whether these vulnerabilities are truly critical or overhyped.