Horizon3.ai

RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248)

Censys, Don't miss, exploit, Horizon3.ai, Hot stuff, News, PoC, SANS ISC, vulnerability /

RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248) 2025-05-06 at 16:19 By Zeljka Zorz A missing authentication vulnerability (CVE-2025-3248) in Langflow, a web application for building AI-driven agents, is being exploited by attackers in the wild, CISA has confirmed by adding it to its Known Exploited Vulnerabilities (KEV) catalog. About CVE-2025-3248 […]

React to this headline:

Loading spinner

RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248) Read More »

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)

Arctic Wolf Networks, Don't miss, exploit, Horizon3.ai, Hot stuff, News, Platform Security, PoC, ProDefense, Ruhr University Bochum, SSH, vulnerability /

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) 2025-04-22 at 15:48 By Zeljka Zorz There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week. “All users running an SSH server based on the Erlang/OTP SSH library are likely to be affected by

React to this headline:

Loading spinner

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) Read More »

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)

Don't miss, endpoint management, enterprise, Horizon3.ai, Hot stuff, Ivanti, News, PoC /

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) 2025-02-24 at 16:18 By Zeljka Zorz A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released by Horizon3.ai researchers. The vulnerabilities – CVE-2024-10811, CVE-2024-13161, CVE-2024-13160 and CVE-2024-13159 – may be exploited by remote, unauthenticated attackers to leverage Ivanti EPM machine account credentials

React to this headline:

Loading spinner

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) Read More »

SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs

Arctic Wolf Networks, Don't miss, healthcare, Horizon3.ai, Hot stuff, News, remote management, SimpleHelp /

SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs 2025-01-30 at 17:16 By Zeljka Zorz Attackers may have leveraged vulnerabilities in the SimpleHelp remote monitoring and management solution to gain initial access to healthcare organizations. About the vulnerabilities On January 13, 2025, Horizon3.ai researchers revealed their discovery of three vulnerabilities affecting SimpleHelp’s server

React to this headline:

Loading spinner

SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs Read More »

Critical SimpleHelp vulnerabilities fixed, update your server instances!

Don't miss, enterprise, Horizon3.ai, Hot stuff, News, remote access, SimpleHelp, SMBs, software, tech support, vulnerability /

Critical SimpleHelp vulnerabilities fixed, update your server instances! 2025-01-16 at 17:04 By Zeljka Zorz If you’re an organization using SimpleHelp for your remote IT support/access needs, you should update or patch your server installation without delay, to fix security vulnerabilities that may be exploited by remote attackers to execute code on the underlying host. About

React to this headline:

Loading spinner

Critical SimpleHelp vulnerabilities fixed, update your server instances! Read More »

Infosec products of the month: December 2024

Appdome, Cato Networks, Datadog, Fortinet, GitGuardian, Horizon3.ai, Netwrix, News, Radiant Logic, RunSafe Security, SecureAuth, Stairwell, Stamus Networks, Sweet Security, Tenable, Trellix, Versa Networks, Veza /

Infosec products of the month: December 2024 2024-12-27 at 06:03 By Help Net Security Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, Cato Networks, Datadog, Fortinet, GitGuardian, Horizon3.ai, Netwrix, Radiant Logic, RunSafe Security, SecureAuth, Stairwell, Stamus Networks, Sweet Security, Tenable, Trellix, Versa Networks, and Veza. GitGuardian launches

React to this headline:

Loading spinner

Infosec products of the month: December 2024 Read More »

New infosec products of the week: December 13, 2024

Cato Networks, Horizon3.ai, News, SecureAuth, Stamus Networks, Trellix, Versa Networks /

New infosec products of the week: December 13, 2024 2024-12-13 at 06:04 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Cato Networks, Horizon3.ai, SecureAuth, Stamus Networks, Trellix, and Versa Networks. Trellix Drive Encryption enhances security against insider attacks Trellix Drive Encryption offers enhanced security

React to this headline:

Loading spinner

New infosec products of the week: December 13, 2024 Read More »

Horizon3.ai NodeZero Insights enables executives to visualize changes in their security posture

Horizon3.ai, Industry news /

Horizon3.ai NodeZero Insights enables executives to visualize changes in their security posture 2024-12-10 at 16:19 By Industry News Horizon3.ai launched NodeZero Insights, a platform designed for security leaders, CIOs, CISOs and practitioners. This new solution delivers real-time dashboards to measure, track and strengthen an organization’s security posture over time. NodeZero Insights provides the clarity and

React to this headline:

Loading spinner

Horizon3.ai NodeZero Insights enables executives to visualize changes in their security posture Read More »

Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465)

Censys, CISA, configuration management, Don't miss, enterprise, firewall, Horizon3.ai, Hot stuff, News, Palo Alto Networks /

Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) 2024-11-15 at 13:16 By Zeljka Zorz Attackers have been spotted exploiting two additional vulnerabilities (CVE-2024-9463, CVE-2024-9465) in Palo Alto Networks’ Expedition firewall configuration migration tool, CISA has confirmed on Thursday. About the vulnerabilities (CVE-2024-9463, CVE-2024-9465) CVE-2024-9463 allows unauthenticated attackers to run arbitrary OS commands as root

React to this headline:

Loading spinner

Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) Read More »

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)

CVE, Don't miss, Horizon3.ai, Hot stuff, News, Palo Alto Networks, PoC, vulnerability /

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) 2024-11-08 at 13:36 By Zeljka Zorz A vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a firewall configuration migration tool, is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday. About CVE-2024-5910 Unearthed and reported by Brian Hysell of Synopsys

React to this headline:

Loading spinner

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) Read More »

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)

CVE, Don't miss, education, enterprise, Government, Horizon3.ai, Hot stuff, MSP, News, PoC, SMBs, SolarWinds, vulnerability /

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) 2024-09-25 at 17:17 By Zeljka Zorz Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by unauthenticated attackers to remotely read and modify all help desk ticket details, are now public. “When

React to this headline:

Loading spinner

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) Read More »

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)

CVE, Don't miss, enterprise, Horizon3.ai, Hot stuff, Ivanti, News, PoC, secure communications, vulnerability /

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) 2024-09-17 at 13:02 By Zeljka Zorz CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the attacks are still unknown, but there may be more in the near future: Horizon3.ai researchers have published their

React to this headline:

Loading spinner

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) Read More »

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

CVE, Don't miss, enterprise, exploit, Fortinet, Horizon3.ai, Hot stuff, News, PoC, vulnerability /

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) 2024-05-29 at 13:01 By Zeljka Zorz Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion FortiSIEM helps customers build an inventory of their organization’s assets, it

React to this headline:

Loading spinner

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) Read More »

HHS pledges $50M for autonomous vulnerability management solution for hospitals

CISA, Don't miss, healthcare, Horizon3.ai, Hot stuff, News, patching, Ransomware, vulnerability management /

HHS pledges $50M for autonomous vulnerability management solution for hospitals 2024-05-23 at 10:18 By Zeljka Zorz As organizations in the healthcare sector continue to be a prime target for ransomware gangs and CISA warns about a vulnerability (CVE-2023-43208) in a healthcare-specific platform being leveraged by attackers, the Advanced Research Projects Agency for Health (ARPA-H) has

React to this headline:

Loading spinner

HHS pledges $50M for autonomous vulnerability management solution for hospitals Read More »

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788)

Don't miss, endpoint management, Fortinet, Horizon3.ai, Hot stuff, News, PoC, SANS ISC, vulnerability /

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) 2024-03-14 at 16:36 By Zeljka Zorz A recently fixed SQL injection vulnerability (CVE-2023-48788) in Fortinet’s FortiClient Endpoint Management Server (EMS) solution has apparently piqued the interest of many: Horizon3’s Attack Team means to publish technical details and a proof-of-concept exploit for it next week, and

React to this headline:

Loading spinner

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) Read More »

White House: Use memory-safe programming languages to protect the nation

critical infrastructure, Don't miss, Government, Honeywell, Horizon3.ai, Hot stuff, News, programming, software development, Trail of Bits, USA /

White House: Use memory-safe programming languages to protect the nation 2024-02-27 at 16:31 By Zeljka Zorz The White House is asking the technical community to switch to using memory-safe programming languages – such as Rust, Python, Swift, C#, Java, and Go – to prevent memory corruption vulnerabilities from entering the digital ecosystem. According to a

React to this headline:

Loading spinner

White House: Use memory-safe programming languages to protect the nation Read More »

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

Don't miss, enterprise, file-sharing, Fortra, Horizon3.ai, Hot stuff, News, PoC, Shodan, SMBs, Tenable, vulnerability /

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204) 2024-01-24 at 15:32 By Zeljka Zorz Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. Fortra’s GoAnywhere MFT is a web-based managed file transfer solution

React to this headline:

Loading spinner

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204) Read More »

PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143)

Don't miss, Horizon3.ai, News, security update, Tenable, Trend Micro, vulnerability /

PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143) 07/08/2023 at 13:48 By Zeljka Zorz Horizon3.ai researchers have published some details (but no PoC for now, thankfully!) about CVE-2023-39143, two vulnerabilities in PaperCut application servers that could be exploited by unauthenticated attackers to execute code remotely. But, they noted, unlike the PaperCut vulnerability

React to this headline:

Loading spinner

PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143) Read More »

PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362)

data theft, Don't miss, exploit, extortion, Horizon3.ai, Hot stuff, Huntress, News, PoC, Progress, Rapid7, UK, USA /

PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362) 13/06/2023 at 14:18 By Zeljka Zorz As more victim organizations of Cl0p gang’s MOVEit rampage continue popping up, security researchers have released a PoC exploit for CVE-2023-34362, the RCE vulnerability exploited by the Cl0p cyber extortion group to plunder confidential data. CVE-2023-34362 PoC exploit released Horizon3 security

React to this headline:

Loading spinner

PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362) Read More »

Scroll to Top