Blogs

SEARCH

CATEGORIES

TAGS

    Blogs

    Mastering Cloud Security: Uncovering Hidden Vulnerabilities with NodeZero™

    August 21, 2024
    Master cloud security with NodeZero™ Cloud Pentesting. Easily uncover vulnerabilities across AWS and Azure, prioritize identity risks, and secure your environment in just minutes. Stay ahead of threats.
    Read More →
    Blogs

    Ensuring Cybersecurity: Horizon3.ai’s Rapid Response Service in Action

    July 10, 2024
    How Horizon3.ai's Rapid Response Identified and Mitigated a Critical Mirth Connect Vulnerability A key consideration in cybersecurity is determining whether a known software vulnerability is actually exploitable. This often depends on how and where the at-risk software is deployed in your environment. To address the need to find what’s exploitable, Horizon3.ai developed and recently unveiled…
    Read More →
    Blogs

    Enhancing Vulnerability Management: Integrating Autonomous Penetration Testing

    June 17, 2024
    Traditional vulnerability scanning tools are enhanced with NodeZero's autonomous penetration testing, revolutionizing Vulnerability Management by providing comprehensive risk assessment, exploitability analysis, and cross-host vulnerability chaining, empowering organizations to prioritize and mitigate security weaknesses strategically.
    Read More →
    Blogs

    NodeZero: Testing for Exploitability of Palo Alto Networks CVE-2024-3400

    April 25, 2024
    On April 12 (and then updated again on April 20), Palo Alto Networks released an advisory about a vulnerability in the PAN-OS® software that runs Palo Alto Networks® Next-Generation Firewalls (NGFWs).
    Read More →
    Blogs

    CVE-2024-21893: Another Ivanti Vulnerability Exploited in the Wild. Verify with NodeZero Today!

    February 5, 2024
    On 22 January, Ivanti published an advisory stating that they discovered two new, high-severity vulnerabilities (CVE-2024-21888 and CVE-2024-21893) after researching previously reported vulnerabilities affecting Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways. Ivanti provides enterprise solutions, including patch management and IT security solutions to over 40,000 customers worldwide. While there is no evidence of…
    Read More →
    Blogs

    Gone Phishing: How an Intern’s Credentials can be a Gateway to Your Crown Jewels

    February 5, 2024
    “Who cares that the intern was phished during our phishing campaign? It’s an intern, they don't have access to anything important."
    Read More →
    Six fishing poles mounted to the back of a motorized boat
    Blogs

    CVE-2024-23897: Check Critical Jenkins Arbitrary File Leak Vulnerability Now!

    January 30, 2024
    On 24 January 2024, the Jenkins team issued a security advisory disclosing a critical vulnerability that affects the Jenkins CI/CD tool. Jenkins is a Java-based open-source automation server run by over 1 million users that helps developers build, test and deploy applications, enabling continuous integration and continuous delivery. The critical vulnerability is tracked as CVE-2024-23897…
    Read More →
    Blogs

    CVE-2024-0204: Check Critical Fortra GoAnywhere MFT Authentication Bypass with NodeZero™️ Now!

    January 24, 2024
    On 22 January, Fortra issued an advisory stating that versions of its GoAnywhere Managed File Transfer (MFT) product suffer from an authentication bypass vulnerability.
    Read More →
    hands typing on a laptop
    Blogs

    NodeZero Updated With Attack Content for Critical Confluence RCE

    January 23, 2024
    On 16 January, Atlassian released a security advisory concerning CVE-2023-22527 that affects vulnerable out-of-date versions of Confluence Data Center and Server.
    Read More →
    Man in dark hood with red code projected on his face
    Blogs

    Understanding the Actively-Exploited Ivanti CVE’s

    January 22, 2024
    Two recent Ivanti CVEs are being actively exploited by suspected nation-state threat actors.
    Read More →