New at Horizon3.ai

Mythos has collapsed the attack path. | Learn how to prove your defenses now. →

Disclosures

SEARCH

CATEGORIES

TAGS

    Attack Blogs, Attack Research, Blogs, Disclosures

    Autonomous AI Cyber Defense You Can Trust in Production

    May 6, 2026
    New research reveals how to make AI-powered cyber defense safe, stable, and reliable for real-world deployment.
    Read More →
    Horizon3.ai logo banner
    Attack Blogs, Attack Research, Blogs, Disclosures

    10 Minutes with Claude: Remote Code Execution in Apache ActiveMQ (CVE-2026-34197)

    April 7, 2026
    CVE-2026-34197 enables remote code execution in ActiveMQ via Jolokia. Exploitation chains VM transport and remote config loading.
    Read More →
    ActiveMQ vm transport exploitation showing creation of a broker and loading of attacker-controlled configuration
    Attack Blogs, Disclosures

    Ticket to Shell: Exploiting PHP Filters and CNEXT in osTicket (CVE-2026-22200)

    January 22, 2026
    CVE-2026-22200 is a severe vulnerability affecting osTicket, a popular open source helpdesk and ticketing system. This vulnerability enables anonymous attackers to read arbitrary files from the osTicket server, and in some cases execute arbitrary code. This issue is patched in osTicket 1.18.3 / 1.17.7.
    Read More →
    NodeZero platform screenshot showing autonomous pentesting results and attack paths
    Attack Blogs, Attack Research, Disclosures

    CVE-2025-64155: Three Years of Remotely Rooting the Fortinet FortiSIEM

    January 13, 2026
    CVE-2025-64155 chains argument injection and privilege escalation flaws in FortiSIEM to achieve remote root compromise.
    Read More →
    NodeZero interface displaying vulnerability findings from autonomous pentesting
    Attack Blogs, Disclosures

    N-able N-central: From N-days to 0-days

    Horizon3.ai discovered two critical vulnerabilities in N-able N-central — CVE-2025-9316 and CVE-2025-11700 — that can be chained to leak credentials and fully compromise the appliance. This in-depth analysis details how the flaws were found, exploited, responsibly disclosed, and patched in version 2025.4, turning N-days into true 0-days.
    Read More →
    Illustrative image supporting the content on the “n able n central from n days to 0 days” page.
    Attack Blogs, Disclosures

    CVE-2025-34508: Another File Sharing Application, Another Path Traversal

    June 17, 2025
    Learn how Horizon3.ai uncovered CVE-2025-34508 in ZendTo, allowing attackers to access sensitive files through a path traversal flaw.
    Read More →
    Attack Blogs, Disclosures

    Unsafe at Any Speed: Abusing Python Exec for Unauth RCE in Langflow AI

    April 9, 2025
    CVE-2025-3248 is a critical code injection vulnerability affecting Langflow, a popular tool used for building out agentic AI workflows. This vulnerability is easily exploitable and enables unauthenticated remote attackers to fully compromise Langflow servers. The issue is patched in Langflow 1.3.0.
    Read More →
    Attack Blogs, Disclosures

    Ivanti Endpoint Manager – Multiple Credential Coercion Vulnerabilities

    February 19, 2025
    Critical Ivanti Endpoint Manager vulnerabilities revealed—learn about CVE exploits and mitigation.
    Read More →
    Attack Blogs, Disclosures

    Critical Vulnerabilities in SimpleHelp Remote Support Software

    January 13, 2025
    SimpleHelp remote support software is susceptible to critical vulnerabilities that could allow full takeover of SimpleHelp servers. Users of SimpleHelp should upgrade to the latest version ASAP.
    Read More →
    Attack Blogs, Disclosures

    Palo Alto Expedition: From N-Day to Full Compromise

    On July 10, 2024, Palo Alto released a security advisory for CVE-2024-5910, a vulnerability which allowed attackers to remotely reset the Expedition application admin credentials. While we had never heard of Expedition application before, it's advertised as: The purpose of this tool is to help reduce the time and efforts of migrating a configuration from…
    Read More →