Our latest disclosures for CVE-2025-8355 and CVE-2025-8356 - discovering a critical RCE in Xerox FreeFlow Core https://t.co/GOyasjmYCa

Happy Friday! We're ending the week by publishing our analysis of Fortinet's FortiWeb CVE-2025-25257.... https://t.co/p8v99cD5LG

Session keys and passwords aplenty, here’s our deep-dive for CVE-2025-5777, aka CitrixBleed 2. Apart from the normal root-cause analysis, we’ve doubled down on actionable steps to investigate Indicators of Compromise. https://t.co/fTfaW1DbJG

CVE-2025-5777, aka #CitrixBleed 2, allows leaking of memory in the response which can allow for compromising session tokens, and other sensitive information. A deep-dive to follow next week.

Checkout our new deep dive on CVE-2025-34508 -- a path traversal vulnerability in #ZendTo. https://t.co/2NY1YdWiks

Our latest blog looks at CVE-2025-20188, an arbitrary file upload in #Cisco IOS XE Wireless Controllers due to a hardcoded credential. https://t.co/XTG5PmnoVh

Check out our latest deep dive into the #Fortinet CVE-2025-32756, a classic buffer overflow! This is being exploited in the wild and was added to the CISA KEV catalog last week. https://t.co/HYNCsIPkMl

Just finished reproducing CVE-2025-32433 and putting together a quick PoC exploit — surprisingly easy. Wouldn’t be shocked if public PoCs start dropping soon. If you’re tracking this, now’s the time to take action. #Erlang #SSH

We discovered an interesting code injection vulnerability, CVE-2025-3248, affecting #Langflow, a popular agentic AI workflow tool. This enables unauthenticated attackers to fully compromise Langflow servers. https://t.co/o3YQ3fE4XR

Our Indicators of Compromise blog post for CVE-2025-2825, an authentication bypass affecting #CrushFTP. https://t.co/1F0WfFhwlA

New from @Horizon3Attack: There's now a Rapid Response test in #NodeZero for CVE-2025-1974. Affecting #Kubernetes clusters using NGINX Ingress controllers, this vulnerability can allow an unauthenticated attacker with access to the pod network to achieve arbitrary code execution.

🚨 New GreyNoise Tag Alert: We've added a fresh tag tracking CrushFTP Authentication Bypass (CVE-2025-2825) exploitation attempts. Thanks to @Horizon3ai for the intel! Dive into the details:

Confirmed! In his #Pwn2Own debut Evan Grant (@stargravy) used an OS command injection bug to exploit the Kenwood DMX958XR in the last attempt of the contest. His unique approach earns him $10,000 and 2 Master of Pwn points. #P2OAuto

Whew! Evan Grant (@stargravy) needed all but five minutes of his attempt, but he successfully exploited the Kenwood DMX958XR using only his hands, which now must be registered under the Wassenaar arrangement. #Pwn2Own #P2OAuto

Nice! Tenable Researcher used their second attempt to compromise the Lorex 2K Indoor Wi-Fi in the most subtle of way. They head off to the disclosure room with the details. #Pwn2Own #P2OIreland

This was the last thing I found / worked on while still at Tenable. A fun SSRF via Microsoft Copilot Studio leading to a critical info disclosure (CVE-2024-38206). Thanks to @DinoBytes and the team for helping get this one out. https://t.co/VExmmKYgvE

"The Last Breath of Our Netgear RAX30 Bugs - A Tragic Tale before Pwn2Own Toronto 2022" by our intern @lanleft_ & her mentor @hi_im_d4rkn3ss Thanks to @bruce30262 for proof-reading it https://t.co/dxy6ooj4zB Sadly the bugs died during registration. :(

For those interested in #Pwn2Own Toronto, please be aware that #Netgear and others have updated. Now is a good time to check and make sure your exploit still hits. We know some entries have been patched out. May the odds be ever in your favor.

Last minute hotfix for a pwn2own target that literally prevents the device from getting a WAN address might just be more hilarious than it is frustrating. 😆