Attack Blogs
Ticket to Shell: Exploiting PHP Filters and CNEXT in osTicket (CVE-2026-22200)
January 22, 2026
CVE-2026-22200 is a severe vulnerability affecting osTicket, a popular open source helpdesk and ticketing system. This vulnerability enables anonymous attackers to read arbitrary files from the osTicket server, and in some cases execute arbitrary code. This issue is patched in osTicket 1.18.3 / 1.17.7.
CVE-2025-64155: Three Years of Remotely Rooting the Fortinet FortiSIEM
January 13, 2026
CVE-2025-64155 chains argument injection and privilege escalation flaws in FortiSIEM to achieve remote root compromise.
The Ni8mare Test: n8n RCE Under the Microscope (CVE-2026-21858)
CVE-2026-21858, the so-called “Ni8mare” n8n RCE, drew significant attention—but real-world impact appears limited. Horizon3.ai breaks down the technical prerequisites, observed exposure, and why most organizations are unlikely to be affected.
The FreePBX Rabbit Hole: CVE-2025-66039 and others
December 11, 2025
We dive into a new set of FreePBX issues beyond CVE-2025-57819: an authentication bypass in webserver mode (CVE-2025-66039), multiple SQL injections (CVE-2025-61675), and an arbitrary file upload bug leading to remote code execution (CVE-2025-61678). Together, they allow authenticated or unauthenticated attackers to achieve code execution on vulnerable FreePBX instances using risky auth settings. This write-up…
N-able N-central: From N-days to 0-days
Horizon3.ai discovered two critical vulnerabilities in N-able N-central — CVE-2025-9316 and CVE-2025-11700 — that can be chained to leak credentials and fully compromise the appliance. This in-depth analysis details how the flaws were found, exploited, responsibly disclosed, and patched in version 2025.4, turning N-days into true 0-days.
The Quiet Attack Path
October 21, 2025
Attackers turn native Active Directory features into a low-noise, high-impact playbook: stealthy enumeration, Kerberoasting, and AS-REP roasting can produce crackable credentials and clear paths to domain admin in minutes. This post walks through the first 15 minutes of an AD intrusion, why traditional SIEM/EDR struggles to detect it, and what defenders must catch early to…
From Support Ticket to Zero Day
August 13, 2025
Examining a Critical Vulnerability in Xerox FreeFlow Core
CVE-2025-5777: CitrixBleed 2 Write-Up… Maybe?
July 7, 2025
Background and Confusion On June 17, 2025, Citrix published an advisory detailing CVE-2025-5777 and CVE-2025-5349. Affected products include: On June 25, 2025, they also published an advisory detailing CVE-2025-6543. Affected products include: Of the three vulnerabilities, two of them have been receiving a bit of buzz: While we’ve developed a working exploit for one of…
CVE-2025-34508: Another File Sharing Application, Another Path Traversal
June 17, 2025
Learn how Horizon3.ai uncovered CVE-2025-34508 in ZendTo, allowing attackers to access sensitive files through a path traversal flaw.
What 7,000+ NodeZero RAT Attempts Show Us About Cyber Security
June 9, 2025
Discover how NodeZero's autonomous RAT operates, why credentials dominate post-exploitation, and what it means for your cyber defense.

