Latest Updates

VulnCheck integrates with OpenCTI - an open-source Threat Intelligence Platform by Filigran

VulnCheck identifies an unauthenticated remote code execution in the BigAnt chat server

Late last week, chat logs from Black Basta became available, offering rare insight into the operations of one of the most infamous ransomware groups. This research focuses on the vulnerabilities and CVEs mentioned in these logs, with the goal of providing defenders with actionable intelligence on the tactics of Black Basta.

VulnCheck now provides automated SSVC decisions for federal and enterprise agencies.

As a follow-up to our previous Zyxel Telnet Vulnerabilities blog, VulnCheck examines CVE-2024-40890, a recently disclosed vulnerability in the HTTP interface of many end-of-life Zyxel CPE routers.

VulnCheck and partner GreyNoise discovered Zyxel-related vulnerabilities being targeted in the wild. In this blog, VulnCheck describes the vulnerabilities CVE-2024-40891 and CVE-2025-0890.

In September, VulnCheck identified evidence of 78 CVEs that were publicly disclosed for the first time as exploited in the wild.

VulnCheck's new update enhances our CVE pages bringing actionable threat intelligence to the forefront.

In 2024, VulnCheck's Initial Access Intelligence (IAI) team delivered custom exploits and detection artifacts for 169 CVEs. Among these, 99 CVEs (58.6%) were actively exploited in the wild.

VulnCheck discovers that a new vulnerability affecting Four-Faith industrial routers has been exploited in the wild

VulnCheck discovers evidence that ProjectSend has been exploited in the wild and assigns CVE-2024-11680

We explore two key vulnerabilities in ABB's building automation and energy management software, ABB Cylon Aspect.

VulnCheck uncovers the truth behind the recently published Zyxel pre-auth remote code execution: limited to specific configurations, limitations on repeated exploitation, and no evidence of active exploitation.

VulnCheck bypasses the Apache OFBiz Groovy sandbox to land a memory resident reverse shell.

Log4Shell was proclaimed one of the most critical vulnerabilities, but in this blog, VulnCheck challenges that perspective, revealing the limited number of vulnerable systems still present two years after the initial disclosure.

VulnCheck finds a new way to exploit ActiveMQ CVE-2023-46604 that allows the attacker to hide in memory and avoid process-based detections.

VulnCheck was excited to breach ICS networks when CVE-2023-43261 was first disclosed. However, there is more to this than the CVE description would lead you to believe. Follow VulnCheck’s journey from CVE description to exploitation in the wild

Learn about VulnCheck's development of an exploit for CVE-2023-36845, leading to stealthy code execution on Juniper firewalls, while also assessing the prevalence of unpatched systems in the wild.

VulnCheck demonstrates the use of the RocketMQ remoting protocol to retrieve the broker configuration file, and shares attacker payloads used in the wild for exploitation with CVE-2023-33246.

CVE-2023-32315 was first exploited in the wild in June 2023. However, VulnCheck has discovered an new approach to exploiting this vulnerability, streamlining the attack process and adeptly bypassing the generation of log entries. In addition, VulnCheck analyzes the remaining indicators of compromise and shares network detections.

VulnCheck develops an exploit that gets a root shell on MikroTik RouterOS.

Public exploits and detections for CVE-2023-27350 focus on code execution using the PaperCut print scripting interface. In this blog, VulnCheck shares a new code execution vector and demonstrates how existing detections aren't robust enough to flag the new activity.

CVE-2023-1671 is a pre-authenticated command injection in Sophos Web Appliance. In this blog post, VulnCheck researchers analyze the vulnerability and develop a proof of concept (PoC) for it.

In search of an interesting new detail about CVE-2022-1388, VulnCheck researchers pore over open source intelligence. The researchers detail exploit variants, find signature bypasses, and publish a novel exploit variant.

CVE-2023-23752 is an information leak affecting Joomla! 4.0 - 4.7. How can an attacker use this vulnerability to achieve code execution? How many internet-facing systems are at risk?

Examining previous exploits for Grafana's CVE-2021-43798 and looking for a path to establish initial access.

Exploring a memory resident payload for CVE-2022-47966.

Sophos Firewalls were exploited using CVE-2022-3236 in September, 2022. Few details have been published about this vulnerability. In this blog, we look at log entries the exploit creates and determine how many vulnerable internet-facing firewalls still exist.

Taking a look at the timeline leading up to exploitation of CVE-2022-35914 and the current state of attacks in the wild.