Resource Center

Welcome to our cybersecurity resource center where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.

LATEST VULNERABILITIES

WEBINAR REPLAY

SEARCH

CATEGORIES

TAGS

    Attack Paths

    NodeZero Pivots Through Your Network with the Attacker’s Perspective

    August 7, 2023
    A NodeZero autonomous attack that leveraged two weaknesses to achieve domain compromise in 33 minutes, 9 seconds.
    Read More →
    Podcasts

    Directing penetration testing at attack surface management

    August 7, 2023
    Last Watchdog Editor-In-Chief Byron Acohido interviews Horizon3.ai CEO Snehal Antani about advanced pentesting tools and services.
    Read More →
    Attack Paths

    Privileged Credentials Often Bite Back

    August 7, 2023
    Active Directory Analytics Solution Enables Domain Compromise
    Read More →
    Attack Blogs, Disclosures

    CVE-2023-39143: PaperCut Path Traversal/File Upload RCE Vulnerability

    August 4, 2023
    Summary CVE-2023-39143 is a critical vulnerability we disclosed to PaperCut that affects the widely used PaperCut NG/MF print management software. It affects PaperCut NG/MF running on Windows, prior to version 22.1.3. If you are a user of PaperCut on Windows, and have it exposed to the Internet, we recommend you check out the July 2023…
    Read More →
    Video

    Airiam and Horizon3.ai Threat Actors Webinar – Attack Simulation

    Art Ocain, Field CISO at Airiam, and Naveen Sunkavally, Chief Architect at Horizon3.ai join forces in this webinar, where you will gain an in-depth understanding of threat actors and their tactics through a LIVE attack simulation.
    Watch Now →
    Attack Paths

    Low-Level Credentials Can Get Big Gains

    July 26, 2023
    Combining Compromised Credentials Enables Domain Takeover
    Read More →
    Attack Paths

    Veeam CVE Leads to Full Compromise

    July 26, 2023
    Low-Level Vulnerability Leads to Domain Compromise
    Read More →
    Attack Paths

    You Can’t Manage Risk if You Lack Context

    June 29, 2023
    Low-Level Vulnerability Leads to Domain Compromise
    Read More →
    Video

    War Stories from 15K Pentests: With Log4shell, Vulnerable ≠ Exploitable

    In Horizon3.ai's three years of operation, we have conducted more than 15,000 pentests yielding results for our clients and data for our engineers. Join our CEO, Snehal Antani, for stories from the trenches. This month we'll take a look at the Log4shell example, and learn about how the distinction between being vulnerable and being exploitable…
    Watch Now →
    Blogs

    INSIGHT – MOVEit Zero-Day Reminds Us Yet Again to Be Diligent in Monitoring Our IT Infrastructure

    June 15, 2023
    Over the last week, the widely reported critical security flaw in the Progress MOVEit Transfer application (CVE-2023-34362) reminded us yet again to remain vigilant in securing our IT infrastructure from potential cyber threat actors.
    Read More →