New at Horizon3.ai

Mythos has collapsed the attack path. | Learn how to prove your defenses now. →

Resource Center

Welcome to our cybersecurity resource center where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.

LATEST VULNERABILITIES

Bomb Streamline Icon: https://streamlinehq.com

CVE-2026-27771

CVE-2026-27771 is a high-severity authentication bypass vulnerability affecting Gitea’s built-in package and container registry functionality. The flaw may allow unauthenticated attackers to retrieve private container images and package artifacts without valid credentials.
Read More →
Bomb Streamline Icon: https://streamlinehq.com

CVE-2026-9082

CVE-2026-9082 is a highly critical SQL injection vulnerability in Drupal core affecting PostgreSQL-backed deployments. The flaw allows unauthenticated attackers to execute arbitrary SQL queries and potentially compromise affected environments.
Read More →

SEARCH

CATEGORIES

TAGS

SEARCH

    Blogs

    Mythos Didn’t Break Cybersecurity. It Exposed What Was Already Broken.

    April 17, 2026
    Mythos shows that finding vulnerabilities isn’t the problem—understanding exploitability and impact is what security teams are missing.
    Read More →
    Abstract visualization showing large volumes of vulnerabilities and data highlighting the gap between discovery and real-world exploitability
    Customer Stories

    Using Iranian Tradecraft to Eliminate a Critical AD Risk

    NodeZero uncovered and eliminated a Zerologon Active Directory attack path using Iranian tradecraft, validating remediation in under 24 hours.
    Read More →
    Blogs

    From Patch Tuesday to Pentest Wednesday®: When “Clean” Didn’t Mean Secure

    April 15, 2026
    External tests looked clean—but internal pentesting revealed a full attack path to domain compromise despite active security controls.
    Read More →
    Pentest Wednesday banner featuring NodeZero and the Find-Fix-Verify security testing rhythm
    Blogs

    Incident Response Remediation: How to Eliminate Attack Paths After a Breach

    April 8, 2026
    Digital threat monitoring shows threats and exposure—but not whether attackers can exploit your environment. Here’s what matters next.
    Read More →
    Cybersecurity network visualization showing connected systems and threat monitoring across an external attack surface
    Attack Blogs, Attack Research, Blogs, Disclosures

    10 Minutes with Claude: Remote Code Execution in Apache ActiveMQ (CVE-2026-34197)

    April 7, 2026
    CVE-2026-34197 enables remote code execution in ActiveMQ via Jolokia. Exploitation chains VM transport and remote config loading.
    Read More →
    ActiveMQ vm transport exploitation showing creation of a broker and loading of attacker-controlled configuration
    Factsheets

    SLED U.S. State, Local, & Education

    April 4, 2026
    State, local and education (SLED) organizations have unique pain points. Because they rely on taxpayer dollars, SLED organizations are often trying to do more with less.
    Read More →
    Blogs

    Best Tools for Digital Threat Monitoring and Cyber Threat Visibility

    April 1, 2026
    Digital threat monitoring reveals attacker activity and exposure across your environment—but does it show what’s actually exploitable?
    Read More →
    Security monitoring control room with multiple screens displaying surveillance feeds representing digital threat monitoring and cyber visibility
    Blogs

    When Conflict Extends Into Cyberspace: What Security Leaders Should Expect

    March 16, 2026
    Iranian cyber operators are increasingly targeting critical infrastructure and enterprise systems. Here’s what security leaders should expect and how to prepare.
    Read More →
    Close-up of a hand using a backlit tablet displaying digital data
    Blogs

    From Patch Tuesday to Pentest Wednesday®: A University’s Journey to Measure Blast Radius

    March 11, 2026
    A university moved beyond phishing click rates to measure real-world blast radius, validate domain compromise, and prove measurable risk reduction with Pentest Wednesday®.
    Read More →
    Pentest Wednesday banner featuring NodeZero and the Find-Fix-Verify security testing rhythm
    Attack Blogs, Attack Research, Blogs

    Preemptive Exposure Management Is the Goal. Autonomous Attack Validation Is How You Get There.

    March 4, 2026
    Reacting to cyberattacks has never been a winning strategy. Most organizations know this, yet many still find themselves responding after the fact, investigating incidents, explaining impact, and rebuilding trust with leadership. What’s changed is a growing recognition that risk must be reduced before attackers act, not measured after the damage is done. That’s the promise…
    Read More →
    Hand adjusting a risk control knob representing risk management strategy