Resource Center

Welcome to our cybersecurity resource center where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.

    NodeZero Phishing Impact Test

    February 7, 2024
    Horizon3.ai introduces a groundbreaking test type in its NodeZero platform: the Phishing Impact test. It delivers tangible insights into the potential consequences of phishing attacks on your organization’s infrastructure.

    NodeZero APT: Azure Password Spray Leads to Business Email Compromise

    February 6, 2024

    Rust Won’t Save Us: An Analysis of 2023’s Known Exploited Vulnerabilities

    February 6, 2024
    Memory safety issues have plagued the software industry for decades. The Cybersecurity & Infrastructure Security Agency (CISA) has been leading a charge for secure-by-design and encouraging developers and vendors to utilize memory-safe languages like Rust to eradicate this vulnerability class. Google Chromium, the engine used by the majority of browsers around the world,…

    CVE-2024-21893: Another Ivanti Vulnerability Exploited in the Wild. Verify with NodeZero Today!

    February 5, 2024
    On 22 January, Ivanti published an advisory stating that they discovered two new, high-severity vulnerabilities (CVE-2024-21888 and CVE-2024-21893) after researching previously reported vulnerabilities affecting Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways. Ivanti provides enterprise solutions, including patch management and IT security solutions to over 40,000 customers worldwide. While there is no evidence of…

    Gone Phishing: How an Intern’s Credentials can be a Gateway to Your Crown Jewels

    February 5, 2024
    “Who cares that the intern was phished during our phishing campaign? It’s an intern, they don’t have access to anything important.”

    CVE-2024-23897: Check Critical Jenkins Arbitrary File Leak Vulnerability Now!

    January 30, 2024
    On 24 January 2024, the Jenkins team issued a security advisory disclosing a critical vulnerability that affects the Jenkins CI/CD tool. Jenkins is a Java-based open-source automation server run by over 1 million users that helps developers build, test and deploy applications, enabling continuous integration and continuous delivery. The critical vulnerability is tracked as CVE-2024-23897…

    CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability

    January 29, 2024

    CVE-2024-0204: Check Critical Fortra GoAnywhere MFT Authentication Bypass with NodeZero™ Now!

    January 24, 2024
    On 22 January, Fortra issued an advisory stating that versions of its GoAnywhere Managed File Transfer (MFT) product suffer from an authentication bypass vulnerability.

    Shifting the Focus to Exploitability in CTEM and ASM

    January 24, 2024
    The Exploitable Attack Surface Keeps Expanding: Discover and Remediate Exploitable Vulnerabilities with NodeZero

    NodeZero Updated With Attack Content for Critical Confluence RCE

    January 23, 2024
    On 16 January, Atlassian released a security advisory concerning CVE-2023-22527 that affects vulnerable out-of-date versions of Confluence Data Center and Server.