New at Horizon3.ai

Mythos has collapsed the attack path. | Learn how to prove your defenses now. →

Security Practitioner

SEARCH

CATEGORIES

TAGS

    Attack Blogs

    CVE-2025-32756: Low-Rise Jeans are Back and so are Buffer Overflows

    May 22, 2025
    Analyze CVE-2025-32756, a Fortinet buffer overflow flaw under active attack, and see how NodeZero can validate exposure now.
    Read More →
    Blogs

    Using NodeZero® to Uncover the Paths Attackers Take, Before They Do

    May 2, 2025
    Discover how NodeZero emulates real attackers to uncover critical attack paths, escalate access, and deliver proof—fast and autonomously.
    Read More →
    Video

    Fireside Chat: Horizon3.ai and Quantum Marine Engineering

    DoD supply chain cyber threats are surging. Learn how CAPT helps suppliers find, fix & verify gaps with scalable, autonomous security testing.
    Watch Now →
    Blogs

    The Duty to Know: Why Security Leaders Can’t Afford Ignorance

    April 28, 2025
    Security leaders can’t afford blind spots. Learn why proving security effectiveness is now a must—and how to meet the Duty to Know.
    Read More →
    Attack Blogs, Disclosures

    Unsafe at Any Speed: Abusing Python Exec for Unauth RCE in Langflow AI

    April 9, 2025
    CVE-2025-3248 is a critical code injection vulnerability affecting Langflow, a popular tool used for building out agentic AI workflows. This vulnerability is easily exploitable and enables unauthenticated remote attackers to fully compromise Langflow servers. The issue is patched in Langflow 1.3.0.
    Read More →
    Blogs

    NodeZero® Release Recap: Spring Edition

    April 7, 2025
    Spring updates are here! Explore NodeZero’s latest threat detection, pentest, and insights features—built to stay ahead of attackers.
    Read More →
    NodeZero UI
    Blogs

    There’s More To Our Annual Report: The State of Cybersecurity in 2025

    April 2, 2025
    Discover hidden cybersecurity risks from our 2025 report. Unfiltered insights on BAS, compliance pitfalls, third-party threats & more.
    Read More →
    The State of Cybersecurity in2025. Two copies of the report, one closed and the other open to the first page, lay on top of a red and purple neon grid. The grid fading to the starry dark blue-black background.
    Attack Blogs

    CrushFTP Authentication Bypass: Indicators of Compromise

    March 27, 2025
    CrushFTP auth bypass (CVE-2025-2825) could grant attackers admin access. Learn IoCs & test exposure with NodeZero. Patch now!
    Read More →
    Attack Blogs

    Critical or Clickbait: GitHub Actions and Apache Tomcat RCE Vulnerabilities 2025

    March 21, 2025
    Explore CVE-2025-30066 and CVE-2025-24813 with real-world data from Horizon3.ai to assess whether these vulnerabilities are truly critical or overhyped.
    Read More →
    Red alarm light against a metal wall with vertical ridges
    Attack Blogs, Disclosures

    Ivanti Endpoint Manager – Multiple Credential Coercion Vulnerabilities

    February 19, 2025
    Critical Ivanti Endpoint Manager vulnerabilities revealed—learn about CVE exploits and mitigation.
    Read More →