It’s us again! Once again, we hear the collective groans - but we're back and with yet another merciless pwnage of an inspired and clearly comprehensive RCE solution - no, wait, it's another vuln in yet another backup and replication solution.. While we would
a week ago


More from watchTowr Labs

Bypassing Authentication Like It’s The ‘90s - Pre-Auth RCE Chain(s) in Kentico Xperience CMS

I recently joined watchTowr, and it is, therefore, time - time for my first watchTowr Labs blogpost, previously teased in a tweet of a pre-auth RCE chain affecting some ‘unknown software’. Joining the team, I wanted to maintain the trail of destruction left by the watchTowr Labs team,

a week ago 9 votes
The Best Security Is When We All Agree To Keep Everything Secret (Except The Secrets) - NAKIVO Backup & Replication (CVE-2024-48248)

As an industry, we believe that we’ve come to a common consensus after 25 years of circular debates - disclosure is terrible, information is actually dangerous, it’s best that it’s not shared, and the only way to really to ensure that no one ever

4 weeks ago 16 votes
8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur

Surprise surprise, we've done it again. We've demonstrated an ability to compromise significantly sensitive networks, including governments, militaries, space agencies, cyber security companies, supply chains, software development systems and environments, and more. “Ugh, won’t they just stick to creating poor-quality memes?” we

a month ago 24 votes
Get FortiRekt, I am the Super_Admin Now - FortiOS Authentication Bypass CVE-2024-55591

Welcome to Monday, and what an excitingly fresh start to the week we're all having. Grab your coffee, grab your vodka - we're diving into a currently exploited-in-the-wild critical Authentication Bypass affecting foRtinet's (we are returning the misspelling gesture 🥰) flagship SSLVPN appliance, the

a month ago 26 votes
