Raj Samani (@Raj_Samani)
Followers: 14K | Following: 8K | Media: 1K | Statuses: 10K
Chief Scientist @Rapid7 | @cloudsa | Co-author of @CyberGridBook & CSA Guide to Cloud | Advisor @EC3Europol https://t.co/YpisLrWlVR
Joined January 2010
Our latest @metasploit weekly wrap-up details a new module for an unauthenticated remote code execution bug in NetAlertX (CVE-2024-46506), plus more... https://t.co/yAdr37ONSp
#infosec #cybersecurity
[rapid7.com] Metasploit Weekly Wrap-Up: 02/14/2025 | Rapid7 Blog
Our latest @rapid7 analysis details the discovery of a high-severity SQL injection vulnerability, CVE-2025-1094, affecting the PostgreSQL interactive tool psql. More details available in our write-up here: https://t.co/o79UJIkCRM
#infosec #cybersecurity H/T @stephenfewer
[rapid7.com] CVE-2025-1094: PostgreSQL psql SQL injection (FIXED) | Rapid7 Blog
Today @rapid7 has disclosed CVE-2025-1094, a new PostgreSQL SQLi vuln we discovered while researching CVE-2024-12356 in BeyondTrust Remote Support. Untrusted inputs that have been safely character escaped could still generate SQLi under certain conditions:
[rapid7.com] CVE-2025-1094: PostgreSQL psql SQL injection (FIXED) | Rapid7 Blog
Our weekly @metasploit wrap-up details a module which exploits CVE-2018-15745, an unauthenticated directory traversal leading to file disclosure in Argus Surveillance DVR 4.0.0.0. https://t.co/bGM1DRhJ5A
#infosec #cybersecurity
[rapid7.com] Metasploit Weekly Wrap-Up: 02/07/2025 | Rapid7 Blog
Our latest @metasploit weekly wrap-up details a new exploit module for Craft CMS, where the attacker can use a malicious FTP server to gain remote code execution https://t.co/Ts2ThXvvFy
#infosec #cybersecurity
[rapid7.com] Metasploit Weekly Wrap-Up: 01/31/25 | Rapid7 Blog
Our latest @Rapid7 analysis details the 2024 #ransomware landscape. Included are the 10 most prolific ransomware groups in 2024, ranked by the number of posts on leak sites. https://t.co/W3wWKHHr35
#infosec #cybersecurity H/T @ChristiaanBeek
[rapid7.com] The 2024 Ransomware Landscape: Looking back on another painful year | Rapid7 Blog
Our latest @metasploit weekly wrap-up includes a new module for exploiting CVE-2024-51092, an authenticated command injection in LibreNMS. It allows the attacker to run system commands and gain remote code execution (RCE) https://t.co/8v3SWJjMgx
#infosec #cybersecurity
[rapid7.com] Metasploit Weekly Wrap-Up: 01/24/2025 | Rapid7 Blog
Our latest @metasploit weekly wrap-up includes an exploit module for CVE-2024-55956, an unauthenticated file write vulnerability affecting Cleo LexiCom, VLTrader, and Harmony versions 5.8.0.23 and below. https://t.co/3uF4gu3EhW
#infosec #cybersecurity
[rapid7.com] Metasploit Wrap Up: 01/17/2025 | Rapid7 Blog
Our latest @rapid7 analysis details CVE-2024-55591, an authentication bypass vulnerability in FortiOS and FortiProxy https://t.co/zHRVNGeqaP
#infosec #0day
[rapid7.com] Fortinet Firewalls Hit with New Zero-Day Attack, Older Data Leak | Rapid7 Blog
Our latest @metasploit weekly wrap-up includes multiple new modules, including an exploit module for an unauthenticated arbitrary file read vulnerability, tracked as CVE-2024-45309, which affects OneDev versions <= 11.0.8. https://t.co/1LoeFg7HJN
#infosec #cybersecurity
[rapid7.com] Metasploit Wrap-Up: 1/10/2025 | Rapid7 Blog
Our latest @rapid7 advisory details CVE-2025-0282, an Ivanti Connect Secure zero-day that has been exploited in the wild. More details here: https://t.co/iPzl9523TS
#infosec #cybersecurity
[rapid7.com] CVE-2025-0282: Ivanti Connect Secure Zero-Day Exploited in the Wild | Rapid7 Blog
Our @metasploit 2024 wrap-up details the most notable improvements and modules, including expanded support for Active Directory Certificate Services (AD CS) attacks. More details here: https://t.co/GQaxb3Wr98
#infosec
[rapid7.com] Metasploit 2024 Annual Wrap-Up | Rapid7 Blog
My latest article is now published on @SCmagazineUK detailing the challenges in dealing with a #ransomware attack, and technical and ethical challenges this poses: https://t.co/nZefqTFiOW
#malware #cybersecurity
[insight.scmagazineuk.com]
I enjoyed taking part in this webinar with @Raj_Samani and Sabeen Malik from @rapid7 to discuss our #cybersecurity predictions for 2025. What trends do you see happening next year in #cybersecurity? https://t.co/rxEns7qrqq
Our technical analysis now available @AttackerKb on CVE-2024-53677, a flawed upload logic vuln in Apache Struts 2 which permits an attacker to override internal file upload variables in apps using Apache Struts 2 File Upload Interceptor. https://t.co/ReJPPd3uNV H/T @the_emmons
[attackerkb.com] File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lea…
Now available on @AttackerKb is our @Rapid7 technical analysis of #Cleo CVE-2024-55956 - H/T @stephenfewer. This is a new vuln, not a patch bypass of CVE-2024-50623. IoCs included here: https://t.co/Oh9MIin6b9
#infosec
[attackerkb.com] On December 9, 2024, multiple security firms began privately reporting exploitation in the wild targeting the Cleo file transfer products LexiCom, VLTrader, an…
Our latest @metasploit weekly wrap-up details RCEs for Moodle e-Learning platform, Primefaces, WordPress Really Simple SSL and CyberPanel along with two modules to change password through LDAP and SMB. https://t.co/R8K2VZuWIM
#infosec
[rapid7.com] Metasploit Weekly Wrap-Up: 12/13/2024 | Rapid7 Blog
Our latest @rapid7 analysis into a payload from the recent Cleo file transfer vuln reveals an encoded Java Archive payload. Note that this isn’t necessarily the only payload that has or will be deployed https://t.co/z5HfRRQ1b6 H/T @ChristiaanBeek #cybersecurity
Our latest Rapid7 analysis details widespread exploitation of Cleo file transfer software (CVE-2024-50623), with links to detection/mitigation guidance included: https://t.co/cIv7axjCNU
#infosec #cybersecurity
[rapid7.com] Widespread Exploitation of Cleo File Transfer Software | Rapid7 Blog