Resource Center

Welcome to our cybersecurity resource center where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.

LATEST VULNERABILITIES

Sangoma FreePBX Authentication Bypass and Remote Code Execution Vulnerabilities

CVE-2025-55182

React Server Components RCE | Rapid Response

    The FreePBX Rabbit Hole: CVE-2025-66039 and others

    December 11, 2025
    We dive into a new set of FreePBX issues beyond CVE-2025-57819: an authentication bypass in webserver mode (CVE-2025-66039), multiple SQL injections (CVE-2025-61675), and an arbitrary file upload bug leading to remote code execution (CVE-2025-61678). Together, they allow authenticated or unauthenticated attackers to achieve code execution on vulnerable FreePBX instances using risky auth settings. This write-up…

    From Patch Tuesday to Pentest Wednesday®: Proof That Redefined Security for a Manufacturer

    December 10, 2025
    Patch Tuesday is a known event, but attackers are moving faster than ever. For a leading U.S. manufacturer, shifting from simple patching to continuous validation became the key to proving their fixes worked, turning uncertainty into confidence.

    Horizon3.ai is named a Customer’s Choice in the October 2025 Gartner® Peer Insights™ “Voice of the Customer”: Adversarial Exposure Validation report

    December 4, 2025
    Horizon3.ai has been named a Customers’ Choice in the October 2025 Gartner® Peer Insights™ “Voice of the Customer”: Adversarial Exposure Validation report, reflecting strong peer satisfaction and real-world impact.

    Introducing Threat Informed Perspectives: A More Strategic Way to Measure Security Posture

    Threat Informed Perspectives give organizations a structured, attacker-aligned way to measure exposure, track real security improvement, and validate remediation over time using continuous, evidence-driven insights from NodeZero.

    Customer Data Handling Factsheet

    November 25, 2025
    At Horizon3.ai, transparency and security go hand in hand. The NodeZero® Offensive Security Platform protects your data during every test — encrypting communications, limiting retention, and ensuring no sensitive data leaves your environment. Download the factsheet to see how our strict controls safeguard customer information from launch to teardown.

    Endpoint Detection and Response: What It Is and How to Know Yours Is Working

    November 24, 2025
    EDR tools offer visibility, but visibility isn’t protection. Learn why credential-driven attacks often bypass EDR and how NodeZero validates real-world detection, blocking, and effectiveness across your endpoints.

    Supercharging Enterprise AI with Real-World Exploitability Data: The NodeZero MCP Server Advantage

    Learn how the NodeZero MCP Server supercharges enterprise AI ecosystems with attacker-validated exploitability data, continuous validation, and automated security workflows.

    Prioritize What’s Proven: The NodeZero® Approach to Risk‑Based Vulnerability Management

    November 18, 2025
    Horizon3.ai’s NodeZero® redefines Risk-Based Vulnerability Management by connecting exploitability, business context, and attacker behavior. With new capabilities for High-Value Targeting, Advanced Data Pilfering, Threat Actor Intelligence, and Vulnerability Risk Intelligence, NodeZero moves vulnerability management from noise to proof—helping security teams prioritize, fix, and verify what truly matters.

    N-able N-central: From N-days to 0-days

    Horizon3.ai discovered two critical vulnerabilities in N-able N-central — CVE-2025-9316 and CVE-2025-11700 — that can be chained to leak credentials and fully compromise the appliance. This in-depth analysis details how the flaws were found, exploited, responsibly disclosed, and patched in version 2025.4, turning N-days into true 0-days.

    Hack The Box – Retro

    November 10, 2025
    NodeZero® autonomously solved Hack The Box Retro in just 11 minutes, chaining SMB guest access and weak credentials into an ADCS privilege escalation. This demonstration highlights how autonomous pentesting uncovers exploit chains and validates real attack paths, proving Horizon3.ai’s commitment to evidence-based, attacker-validated security.