A technical analysis of a vulnerability in CyberPanel, a Pre-Auth Root RCE, including confirmed exploitation paths, investigated components, and research methodology findings.

Product

Revamped Search, new detection capabilities, actively exploited CVEs and much more.

The latest releases introduces a revamped search UI, new detection capabilities, attack surface & inventory performance improvements, plus much more.

Tue 22 October 2024

Security

Defending Against GraphQL Attacks: A Deep Dive into Common Vulnerabilities

This article is an in-depth look at the most common GraphQL vulnerabilities, why they occur, and how they can be mitigated.

Mon 21 October 2024

Security

Assessing the Large-Scale Exposure of CUPS Vulnerabilities: Chained CVEs Leading to Remote Code Execution

This article assesses the large-scale exposure of systems to multiple CVEs affecting the CUPS printing service, which can be chained together to achieve unauthenticated remote code execution (RCE). We provide an overview of how these vulnerabilities, including CVE-2024-47176, work in tandem, walking through the exploit flow. Additionally, we analyze how many systems are potentially vulnerable and highlight a unique behavior observed during testing.

Wed 16 October 2024

The Threat Center provides essential updates for organizations to stay informed about security threats, offering actionable intelligence and detailed asset information to help users proactively protect their systems.

An in-depth look at the CVE-2024-47374 vulnerability affecting LiteSpeed Cache plugin for WordPress, its impact, and a technical breakdown of our detection method.

Latest posts

HTTP2, Private Custom Checks, actively exploited CVE and much more.

The latest releases introduce HTTP/2 support, improve UI and detection, enhance privacy and security measures, and update custom checks and analysis environments for better performance.

Mon 07 October 2024

Actively Exploited CVE-2022-21445, Deep Dive

The article delves into the technical details of this CVE, its potential impact, and the methods used to detect and exploit it.

Wed 25 September 2024

Unraveling the VigorConnect Vulnerability: A Journey of Discovery and Correction

The article uncovers an Arbitrary File Read vulnerability in VigorConnect that lets attackers access sensitive files. The issue originates from improper input validation in file handling methods.

Thu 12 September 2024

Enhanced Vulnerability Detection, Expanded Features, and Critical Fixes

This update introduces enhanced vulnerability detection with AI improvements, new UI features, expanded support for asset types, upgraded network interception, and broader CVE coverage, alongside several bug fixes and optimizations across scanning, fingerprinting, and GitHub Actions.

Mon 09 September 2024

OXO Titan, Support for CVSS4, and Attack Surface search with certificates

Our latest release features a new OnPrem UI, better PDF Reports with insightful graphs, support for CVSS4, plus much more.

Wed 28 August 2024

OXO Titan UI: Simplifying Security Scanning for Everyone

OXO Titan UI encapsulates OXO's capabilities within an accessible interface, democratizing advanced security scanning techniques. This article explores OXO Titan's journey from concept to reality, highlighting its key features and presenting a practical user workflow example.

Mon 26 August 2024

Privacy Compliance Testing, Fingerprint detection, and User Experience Enhancements

Dive into our latest release featuring the introduction of Privacy Compliance Testing, new detection of several fingerprints, and User Experience Enhancements.

Mon 12 August 2024

Threat Center, Account Security Enhancements, and added detection

Dive into our latest release featuring the introduction of a Threat Center, enhanced account security, and new detection.

Mon 05 August 2024


Previous
1 of 14