New at Horizon3.ai

Pentesters

    The 2026 Buyer’s Guide to Penetration Testing

    May 20, 2026
    The 2026 Buyer’s Guide to Penetration Testing explains how security leaders are reevaluating pentesting based on exploitability, validation, and real-world attack paths.

    Strengthen Supply Chain Security for CMMC

    May 18, 2026
    This whitepaper explains how organizations can move beyond CMMC compliance to continuously validate real-world security across the supply chain.

    Autonomous AI Cyber Defense You Can Trust in Production

    May 6, 2026
    New research reveals how to make AI-powered cyber defense safe, stable, and reliable for real-world deployment.

    Unifying SOC and ITSM

    May 5, 2026
    A leadership guide to aligning SOC and ITSM teams using evidence-driven cyber risk management and real-world validation.

    10 Minutes with Claude: Remote Code Execution in Apache ActiveMQ (CVE-2026-34197)

    April 7, 2026
    CVE-2026-34197 enables remote code execution in ActiveMQ via Jolokia. Exploitation chains VM transport and remote config loading.

    CVE-2025-64155: Three Years of Remotely Rooting the Fortinet FortiSIEM

    January 13, 2026
    CVE-2025-64155 chains argument injection and privilege escalation flaws in FortiSIEM to achieve remote root compromise.

    From Honeypots to Active Directory Tripwires

    January 9, 2026
    Traditional deception tools promised high signal but failed at scale. This page explores how NodeZero® Active Directory Tripwires transform deception into a practical, enterprise-ready detection strategy—using real attacker behavior to deliver early, high-fidelity alerts where identity attacks matter most.

    The FreePBX Rabbit Hole: CVE-2025-66039 and others

    December 11, 2025
    We dive into a new set of FreePBX issues beyond CVE-2025-57819: an authentication bypass in webserver mode (CVE-2025-66039), multiple SQL injections (CVE-2025-61675), and an arbitrary file upload bug leading to remote code execution (CVE-2025-61678). Together, they allow authenticated or unauthenticated attackers to achieve code execution on vulnerable FreePBX instances using risky auth settings. This write-up…

    Hack The Box – Retro

    November 10, 2025
    NodeZero® autonomously solved Hack The Box Retro in just 11 minutes, chaining SMB guest access and weak credentials into an ADCS privilege escalation. This demonstration highlights how autonomous pentesting uncovers exploit chains and validates real attack paths, proving Horizon3.ai’s commitment to evidence-based, attacker-validated security.

    Why Open-Source AI Pentesting Could Be Your Next Security Incident

    October 23, 2025
    Open-source AI pentesting frameworks can unintentionally transmit sensitive pentest data to external LLM APIs, creating hidden security, compliance, and governance risks for enterprises.