Attack surface

A company's attack surface is all the entry points attackers use to gain unauthorized access and compromise systems.

Next.js security alert - how to attack and fix CVE-2025-29927

A single header bypass can compromise your entire Next.js application. Are you at risk? Find out how to fix CVE-2025-29927.

Author(s)

Iulian Tita

Published at: 24 Mar 2025

Buffer Overflows and Authentication Bypasses - exploiting CVE-2025-0282 and CVE-2024-55591

A critical Ivanti flaw lets attackers bypass defenses faster than you can patch. But that's not all. A silent vulnerability lurks in Fortinet, too.

Author(s)

Iulian Tita

Published at: 28 Feb 2025

Cross-site WebSocket hijacking: understanding and exploiting CSWSH

This is an example of why it's worth taking a look in all the "boring" places (think RFC). They just might help you find the vulnerability you've been searching for!

Author(s)

Sacha Iakovenko

Published at: 30 Oct 2024

What is CVE-2024-6387? Understand RegreSSHion, the OpenSSH vulnerability

CVE-2024-6387, aka regreSSHion, is a new critical vulnerability affecting OpenSSH which remote, unauthenticated attackers can use to execute remote code. But there's more to this CVE than meets the eye

Author(s)

David Bors

Published at: 02 Jul 2024

How to conduct a full network vulnerability assessment

The best ethical hackers build and maintain an outstanding workflow and process because it pays off – big time! When you’re always overwhelmed with work, it’s difficult to make time for tweaks and improvements, even if we both know they have compound returns in the long run.

Author(s)

Daniel Bechenea

Published at: 24 Aug 2022

[New feature] Discover your Network’s Attack Surface

What if you could automatically… Get an instant overview of your network perimeter exposure? Find open ports that shouldn’t be publicly accessible at a glance? Detect old and forgotten web technologies from a centralized view?

Author(s)

Ioana Rijnetu

Published at: 18 Sep 2020