Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) • BoredReading.com

As we pack our bags and prepare for the adult-er version of BlackHat (that apparently doesn’t require us to print out stolen mailspoolz to hand to people at their talks), we want to tell you about a recent adventure - a heist, if you will. No heist story

2 weeks ago

Remove from reading list Add to reading list [alt+a] Read now [→]

Improve your reading experience

Logged in users get linked directly to articles resulting in a better reading experience. Please login for free, it takes less than 1 minute.

More from watchTowr Labs

SysOwned, Your Friendly Support Ticket - SysAid On-Premise Pre-Auth RCE Chain (CVE-2025-2775 And Friends)

It’s… another week, and another vendor who is apparently experienced with ransomware gangs but yet struggles with email. In what we've seen others term "the watchTowr treatment", we are once again (surprise, surprise) disclosing vulnerability research that allowed us to gain pre-authenticated Remote

3 days ago • 1 votes

SonicBoom, From Stolen Tokens to Remote Shells - SonicWall SMA (CVE-2023-44221, CVE-2024-38475)

Another day, another edge device being targeted - it’s a typical Thursday! In today’s blog post, we’re excited to share our previously private analysis of the now exploited in-the-wild N-day vulnerabilities affecting SonicWall’s SMA100 appliance. Over the last few months, our client

a week ago • 1 votes

Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457)

What's that Skippy? Another Ivanti Connect Secure vulnerability? At this point, regular readers will know all about Ivanti (and a handful of other vendors of the same class of devices), from our regular analysis. Do you know the fun things about these posts? We can copy text from

a month ago • 20 votes

XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748)

We know what you’re waiting for - this isn’t it. Today, we’re back with more tales of our adventures in Kentico’s Xperience CMS. Due to it’s wide usage, the type of solution, and the types of enterprises using this solution

a month ago • 26 votes

More in technology

Odds and Ends #67: Why Starmer should follow Trump's communications strategy

Plus why AI environmental claims are basically nonsense.

16 hours ago • 3 votes

Code Matters

It looks like the code that the newly announced Figma Sites is producing isn’t the best. There are some cool Figma-to-WordPress workflows; I hope Sites gets more people exploring those options.

6 hours ago • 2 votes

What got you here…

John Siracusa: Apple Turnover From virtue comes money, and all other good things. This idea rings in my head whenever I think about Apple. It’s the most succinct explanation of what pulled Apple from the brink of bankruptcy in the 1990s to its astronomical success today. Don’

7 hours ago • 2 votes

A single RGB camera turns your palm into a keyboard for mixed reality interaction

Interactions in mixed reality are a challenge. Nobody wants to hold bulky controllers and type by clicking on big virtual keys one at a time. But people also don’t want to carry around dedicated physical keyboard devices just to type every now and then. That’s why a team of computer scientists from China’s Tsinghua University […] The post A single RGB camera turns your palm into a keyboard for mixed reality interaction appeared first on Arduino Blog.

8 hours ago • 2 votes

Nintendo's financial results are actually pretty interesting

Nintendo's fiscal year just ended on March 31, and their annual results report has some goodies in there I thought were worth shouting out. First up, the company made a lot less money than in the previous year, with 30% lower revenue and 46% lower profits. As someone

2 days ago • 3 votes

New here?