Security Practitioner

    How Horizon3.ai’s NodeZero® Platform Supports the Realtime Evaluation of the Effectiveness of Zero Trust Functionality for the US Federal Government.

    February 5, 2026
    NodeZero® enables federal agencies to continuously validate Zero Trust controls in production environments, delivering real-time, adversary-driven proof aligned to FedRAMP, NIST, CMMC, and DoD Zero Trust mandates.

    CVE-2025-40551: Another SolarWinds Web Help Desk Deserialization Issue

    January 28, 2026
    CVE-2025-40551 details multiple chained vulnerabilities in SolarWinds Web Help Desk that allow unauthenticated attackers to achieve remote code execution on vulnerable instances.

    Ticket to Shell: Exploiting PHP Filters and CNEXT in osTicket (CVE-2026-22200)

    January 22, 2026
    CVE-2026-22200 is a severe vulnerability affecting osTicket, a popular open source helpdesk and ticketing system. This vulnerability enables anonymous attackers to read arbitrary files from the osTicket server, and in some cases execute arbitrary code. This issue is patched in osTicket 1.18.3 / 1.17.7.

    CVE-2025-64155: Three Years of Remotely Rooting the Fortinet FortiSIEM

    January 13, 2026
    CVE-2025-64155 chains argument injection and privilege escalation flaws in FortiSIEM to achieve remote root compromise.

    From Honeypots to Active Directory Tripwires

    January 9, 2026
    Traditional deception tools promised high signal but failed at scale. This page explores how NodeZero® Active Directory Tripwires transform deception into a practical, enterprise-ready detection strategy—using real attacker behavior to deliver early, high-fidelity alerts where identity attacks matter most.

    How Horizon3.ai is Supporting the DoW Cybersecurity Risk Management Construct (CSRMC)

    December 17, 2025
    The DoW’s new Cybersecurity Risk Management Construct demands continuous, evidence-driven security. Learn how Horizon3.ai’s NodeZero delivers real-time, attacker-validated proof to support mission resilience.

    The FreePBX Rabbit Hole: CVE-2025-66039 and others

    December 11, 2025
    We dive into a new set of FreePBX issues beyond CVE-2025-57819: an authentication bypass in webserver mode (CVE-2025-66039), multiple SQL injections (CVE-2025-61675), and an arbitrary file upload bug leading to remote code execution (CVE-2025-61678). Together, they allow authenticated or unauthenticated attackers to achieve code execution on vulnerable FreePBX instances using risky auth settings. This write-up…

    Customer Data Handling Factsheet

    November 25, 2025
    At Horizon3.ai, transparency and security go hand in hand. The NodeZero® Offensive Security Platform protects your data during every test — encrypting communications, limiting retention, and ensuring no sensitive data leaves your environment. Download the factsheet to see how our strict controls safeguard customer information from launch to teardown.

    Supercharging Enterprise AI with Real-World Exploitability Data: The NodeZero MCP Server Advantage

    Learn how the NodeZero MCP Server supercharges enterprise AI ecosystems with attacker-validated exploitability data, continuous validation, and automated security workflows.

    From Awareness to Assurance: Turning Cybersecurity Awareness Month into a Year-Round Practice

    October 29, 2025
    Cybersecurity awareness training builds knowledge—but not proof. This post shows how to evolve from education to validation by continuously testing your defenses with NodeZero®. Discover how real-world verification closes policy gaps, exposes hidden risks, and transforms one month of awareness into year-round assurance your security truly works.