Horizon3 Attack Team
@Horizon3Attack
@Horizon3ai Attack Team | Security Research | Exploit Dev | TTPs
Check out our new deep dive on CVE-2025-66039 and other related CVEs. We found an authentication bypass, multiple SQL injections, and file upload to RCE in FreePBX. horizon3.ai/attack-researc…
horizon3.ai/attack-researc… While investigating prior CISA KEVs affecting N-able N-central, we discovered a series of vulns that would allow an unauth attacker to leak files via XXE, and in most cases, compromise the N-central database. The DB contains AD creds, API keys, SSH keys,…
Our latest disclosures for CVE-2025-8355 and CVE-2025-8356 - discovering a critical RCE in Xerox FreeFlow Core horizon3.ai/attack-researc…
Session keys and passwords aplenty, here’s our deep-dive for CVE-2025-5777, aka CitrixBleed 2. Apart from the normal root-cause analysis, we’ve doubled down on actionable steps to investigate Indicators of Compromise. horizon3.ai/attack-researc…
Check out our new deep dive on CVE-2025-34508 -- a path traversal vulnerability in #ZendTo. horizon3.ai/attack-researc…
Our latest blog looks at CVE-2025-20188, an arbitrary file upload in #Cisco IOS XE Wireless Controllers due to a hardcoded credential. horizon3.ai/attack-researc…
Check out our latest deep dive into the #Fortinet CVE-2025-32756, a classic buffer overflow! This is being exploited in the wild and was added to the CISA KEV catalog last week. horizon3.ai/attack-researc…
Just finished reproducing CVE-2025-32433 and putting together a quick PoC exploit — surprisingly easy. Wouldn’t be shocked if public PoCs start dropping soon. If you’re tracking this, now’s the time to take action. #Erlang #SSH
We discovered an interesting code injection vulnerability, CVE-2025-3248, affecting #Langflow, a popular agentic AI workflow tool. This enables unauthenticated attackers to fully compromise Langflow servers. horizon3.ai/attack-researc…
Our Indicators of Compromise blog post for CVE-2025-2825, an authentication bypass affecting #CrushFTP. horizon3.ai/attack-researc…
Today, we are disclosing the details of 4 vulns affecting #Ivanti #EPM which allow an unauth attacker to coerce the machine credential of the EPM server to be used in relay attacks. horizon3.ai/attack-researc… Depending on the environment, compromising the EPM server may be…
We disclosed a few vulns last week affecting SimpleHelp's remote support software: ♦️ CVE-2024-57726: Priv esc to admin ♦️ CVE-2024-57727: Unauth arbitrary file download ♦️ CVE-2024-57728: Admin RCE via arbitrary file upload Together these vulns could enable an attacker with…
Our latest post detailing compromising the #PaloAlto #Expedition. While investigating CVE-2024-5910, we discovered and reported 3 additional vulnerabilities allowing an attacker to obtain RCE and leak integration credentials across the ecosystem. horizon3.ai/attack-researc…
Today, we are disclosing the details of CVE-2024-28987, a hardcoded cred vuln affecting #SolarWinds Web Help Desk. It allows attackers to read all help desk tickets, often containing sensitive IT procedures: 🔹User onboarding 🔹Password resets 🔹Shared resource creds…
In our latest post, we investigate the recent #CISA #KEV for CVE-2024-8190: a command injection vulnerability affecting #Ivanti Cloud Service Appliance. horizon3.ai/attack-researc…
CVE-2024-29847, affecting #Ivanti EPM, allows remote unauthenticated attackers to execute arbitrary commands as SYSTEM. Check out our latest deep-dive: horizon3.ai/attack-researc… Credit to @SinSinology for the initial discovery.