Initial Access Intelligence

Exploits and detections for Microsoft WSUS, FOG Project, Xdebug, and Spring Cloud Netflix Hystrix Dashboard. Fresh signatures for CVEs detected in the wild by VulnCheck canaries, plus a scanner for WatchGuard Fireware OS RCE.

New exploits and detections for Gladinet CentreStack, IBM Operational Decision Manager, VICIdial, China Mobile Intelligent Home Gateways, JeecgBoot, and NETGEAR routers. Signatures for Windows Server Update Services.

New exploits and detections for Tenda AC15 AC1900 devices, Flowise, and LG Simple Editor. New version scanner and queries for F5 BIG-IP. New Redis signatures.

Signatures for Cisco ASA and FTD. New exploits and detections for Oracle E-Business Suite, Dell UnityVSA, and LG Simple Editor.

Offline scanning support for Censys Platform data. GoAnywhere MFT signatures and queries. New exploits (and more) for Cisco ASDM, Kerio Control, FortiSIEM, and GL.iNet routers.

Queries for new Cisco ASA and Cisco IOS / IOS XE vulnerabilities. New exploits for Cisco Smart Licensing Utility, Flowise AI, and FortiSIEM.

Exploit and detection coverage for FreePBX, FortiSIEM, ARC Solo, and Django

New exploits, queries, and detections for N-Central, Docker Desktop, the FOG Project, and XWiki

New exploits and detections for N-able N-Central, LibreNMS, BentoML, and Shenzhen Aitemi M300 devices.

Three auth bypasses walk into a bar: New exploits and signatures on tap for CrushFTP, Commvault, FortiWeb, Tenda AC20 routers, and WordPress.

New exploits and detections for FortiSIEM, SharePoint, SUSE Manager, Web-Check, and CHCNAV P5E GNSS. New support for legacy Censys queries.

New exploits and detections for WinRAR, ScriptCase, ICTBroadcast, and GeoServer. New signature coverage for Pulse Secure.

NTLM PrivEsc, AI Framework RCE, ScriptCase Bug Chain Part 1, Lighthouse Studio RCE, and XWiki Leaves Us Disappointed

ToolShell and Cisco ISE Updates, New Jenkins and WordPress Plugin Coverage, SQL Server Deserialization, Customer-Requested Signatures, and Expanded Attacker Infrastructure Tracking

Fresh SharePoint & Delta Coverage, Hikvision Gets a Twist, CrushFTP in Progress

From FortiWeb to Exchange: New Exploits and Detections

Citrix, Cisco, SonicWall, Sitecore, Wing FTP, Sante PACS, CWP: We Hit Them All

We’re Gonna Need Pagination for This Changelog

Shells Across the Stack: Windows, vBulletin, and RoundCube

Invision, Infoblox, and vBulletin Walk Into a Changelog

Cisco Rooted, DrayTek Injected, Flowise Twisted, Samsung Popped, and Veeam Remoted

Langflow RCEs, BioTime Raises Eyebrows, VMware Lingers, and Customer Requests Spanning More Than a Decade

Carpe Diem: Seizing the XXEs, RCEs, and Fresh Signatures

This Week’s Exploit and Detections Menu: GeoVision, SysAid, FUXA, and Arcserve

SonicWall SonicBoom, Magnus Billing, Casbin Casdoor, WinZip Local with Sigma, and go-exploit 1.43 Oh My!

New week, new exploits and detections: NetScaler, Commvault, FoxCMS, Craft CMS, and SAP.

Content for Erlang SSH, Apache Parquet, Polkit, and a Windows Vulnerability Exploited in the Wild

A content *bomb* including coverage for Fortinet, Ivanti, GLPI, and Netgear products. A new go-exploit release and SpiceRAT tracking

RCE in Apache Camel, AppSmith, and MajorDoMo. Credential leaks in GLPI.

CrushFTP RCE, Vite & Splunk Information Leaks, and Additional Coverage for Wordpress Plugin Exploited In the Wild

Infosec hyped vulnerabilities: IngressNightmare and Next.js Authentication Bypass. An erroneous CISA ICS Advisory. ManageEngine and Netatalk exploits and more!

Buffer Overflow for Netatalk, VMware vCenter Server OVA Upload, Apache Tomcat Java Deserialization RCE, and continued development of Sitecore exploits.

Exploits for SiteCore, SolarView, and ThinVNC. New Scanners for Sophos UTM. A new go-exploit release and an IP-Intel update.

Delivered exploits and coverage for NAKIVO Backup & Replication information disclosure, MITRE Caldera RCE, Wazuh authenticated RCE, and updated D-Tale exploits to support variants.

New Initial Access Intelligence coverage developed for Xwiki, Cisco RV-Series, D-Tale, and BeyondTrust. New IP-Intel coverage for BeyondTrust Remote Support honeypots.

Major security updates including PAN-OS auth bypass, SonicWall VPN auth bypass, and CyberPanel RCE exploits with comprehensive detection coverage.

Integration of VulnCheck with OpenCTI platform completed. New exploits for Vinchin Backup, Chamilo file upload, and mySCADA PRO vulnerabilities.

Key developments include exploits for RudderStack, NetAlertX, OpenTSDB and Netatalk vulnerabilities. Major updates to go-exploit framework.

Delivered WSO2 account creation exploit, Reposilite directory traversal, and Nexus Repository RCE exploits. Enhanced API capabilities.

Focused on SimpleHelp path traversal, PAN Expedition Spark RCE, and FortiOS auth bypass exploits. Updated exploit catalog metadata.

Focused on Ivanti Connect IF-T buffer overflow, ShowDoc RCE, VoIP Monitor SQLi, and mySCADA PRO info leak exploits. Artica Proxy auth bypass covered.

Major security updates for Apache Tomcat TOCTOU, SoftEther VPN, Jorani leave management system, and CHAOS RAT exploits.

Added tracking for new C2 infrastructure, delivered exploits for Four-Faith routers, Acronis products, and Apache Solr vulnerabilities.

Rapid response for Cleo products, delivered OwnCloud Ghostscript RCE chain, and Cobbler XML-RPC auth bypass. PAN Expedition SQLi covered.

Delivered exploits for Mitel MiCollab file disclosure, OwnCloud Ghostscript RCE, WordPress plugin auth bypass. New syscall reflector tool developed.

Delivered ProjectSend CVE-2024-11680 exploit chain, Alibaba Nacos RCE, and Draytek Vigor vulnerabilities. New fortigate exploit in development.

Developed exploits for Citrix Session Recording, PAN-OS auth bypass chain, and D-Link ShareCenter DNS injection. Major API and tracking updates.

Status update on Fortinet FortiManager auth bypass, delivered detections for Netgear WAX206. Added RedGuard C2 tracking capabilities.

Released exploits for Acronis products, Apache Solr auth bypass, and pgAdmin OAuth2 info disclosure. Enhanced API query capabilities.

Major updates for Spring WebFlux, CyberPanel RCE, Delta Electronics InfraSuite, and FortiOS vulnerabilities. Integration with OpenCTI platform.

Major updates focused on exploits for Palo Alto Expedition chain, LiteSpeed Cache WordPress vulnerabilities, and network detection enhancements.

Added ZoomEye/FOFA queries, delivered exploits for ABB ASPECT, Laravel credential leak, and Magento exploit chain.

Developed Four Faith router exploits, WhatsUp Gold webshell, and discovered Zyxel CPE zero-days. Updated PCAP naming conventions.

Released exploits for AVideo RCE, XWiki RCE, Progress MOVEit Transfer bypass. Enhanced IP Intel with new C2 infrastructure tracking.

Delivered Traccar exploit chain, analyzed D-Link vulnerabilities, and created GLIBC Tunables exploit. Updated IP Intel tracking.

Released exploits for Acronis products, SolarWinds Web Help Desk, and Anyscale Ray vulnerabilities. Enhanced API query capabilities.

Delivered SPIP plugin RCE, Fortra FileCatalyst SQLi, and Exim auth bypass exploits. Added RedGuard C2 redirector tracking.

Released exploits for Ivanti vTM auth bypass, ReCrystallize Server RCE, and Cisco SSM account takeover. Enhanced detection capabilities.

Major updates for Windows RCE, Apache OFBiz, Delta Electronics, and Calibre exploits. Released go-exploit v1.24.0 documentation features.

Released exploits for Bazarr secrets leak, AJ-Report auth bypass, and Ghostscript RCE. Added RunZero integration for go-exploit cache.