Latest Updates

All the latest VulnCheck news, straight from the team.

Tags:

November 26, 2024

ProjectSend CVE-2024-11680 Exploited in the Wild

VulnCheck discovers evidence that ProjectSend has been exploited in the wild and assigns CVE-2024-11680

November 22, 2024

Exploring CISA’s 2023 Top Routinely Exploited Vulnerabilities

In September, VulnCheck identified evidence of 78 CVEs that were publicly disclosed for the first time as exploited in the wild.

October 22, 2024

Bring VulnCheck Anywhere w/ VulnCheck CLI

VulnCheck delivers intelligence to the command line with VulnCheck’s new open source tool, VulnCheck CLI.

September 17, 2024

5 Ways to Enhance Your Security Product Offering with VulnCheck

Discover 5 ways VulnCheck enhances your security product offering with real-time intelligence, detection capabilities, and expanded vulnerability visibility.

July 25, 2024

VulnCheck go-exploit Goes Scanless

Demonstrating the new scanless feature in the go-exploit exploit framework.

February 21, 2024

re: Zyxel VPN Series Pre-auth Remote Command Execution

VulnCheck uncovers the truth behind the recently published Zyxel pre-auth remote code execution: limited to specific configurations, limitations on repeated exploitation, and no evidence of active exploitation.

February 2, 2024

There Are Too Many Damn Honeypots

VulnCheck faces a horde of honeypots while assessing the potential impact of Atlassian Confluence's CVE-2023-22527. This blog delves into Shodan queries to filter out honeypots and uncover the actual on-premise Confluence install base.

January 18, 2024

7777-Botnet Infection Vectors

VulnCheck recently announced an IP Intelligence product that tracks attacker command & control (C2) infrastructure, as well as internet-facing potentially vulnerable systems. Using this data, we’ll explore the vulnerabilities that the 7777-Botnet is likely using to infect new hosts.

October 13, 2023

Looking for CVE-2023-43261 in the Real World

VulnCheck was excited to breach ICS networks when CVE-2023-43261 was first disclosed. However, there is more to this than the CVE description would lead you to believe. Follow VulnCheck’s journey from CVE description to exploitation in the wild

September 5, 2023

Exposing RocketMQ CVE-2023-33246 Payloads

VulnCheck demonstrates the use of the RocketMQ remoting protocol to retrieve the broker configuration file, and shares attacker payloads used in the wild for exploitation with CVE-2023-33246.

March 23, 2023

Joomla! CVE-2023-23752 to Code Execution

CVE-2023-23752 is an information leak affecting Joomla! 4.0 - 4.7. How can an attacker use this vulnerability to achieve code execution? How many internet-facing systems are at risk?

February 21, 2023

Assessing Potential Exploitation of Grafana's CVE-2021-43798 for Initial Access

Examining previous exploits for Grafana's CVE-2021-43798 and looking for a path to establish initial access.

December 21, 2022

GLPI Exploitation Timeline

Taking a look at the timeline leading up to exploitation of CVE-2022-35914 and the current state of attacks in the wild.

November 30, 2022

Xiongmai IoT Exploitation

An examination of vulnerabilities affecting Xiongmai IoT devices, including exploit development and an analysis of exploitation in the wild.

Ready to get started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence directly into the tools, processes, programs, and systems that need it to outpace adversaries.