
watchTowr Labs

Backdooring Your Backdoors - Another $20 Domain, More Governments
After the excitement of our .MOBI research, we were left twiddling our thumbs. As you may recall, in 2024, we demonstrated the impact of an unregistered domain when we subverted the TLS/SSL CA process for verifying domain ownership to give ourselves the ability to issue valid and...
2 months ago
49

Do Secure-By-Design Pledges Come With Stickers? - Ivanti Connect Secure RCE (CVE-2025-0282)
Did you have a good break? Have you had a chance to breathe? Wake up. It’s 2025, and the chaos continues. Haha, see what we did? We wrote the exact same thing in 2024 because 2024 was exactly the same. As an industry, we are on Groundhog Day
2 months ago
40

Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)
As we saw in our previous blogpost, we fully analyzed Ivanti’s most recent unauthenticated Remote Code Execution vulnerability in their Connect Secure (VPN) appliance. Specifically, we analyzed CVE-2025-0282. Today, we’re going to walk through exploitation. Once again, however,...
2 months ago
38

Cleo Harmony, VLTrader, and LexiCom - RCE via Arbitrary File Write (CVE-2024-50623)
We were having a nice uneventful week at watchTowr, when we got news of some ransomware operators using a zero-day exploit in Cleo MFT software - namely, LexiCom, VLTransfer, and Harmony - applications that many large enterprises rely on to share files securely. Cleo have a...
3 months ago
34

Get FortiRekt, I am the Super_Admin Now - FortiOS Authentication Bypass CVE-2024-55591
Welcome to Monday, and what an excitingly fresh start to the week we're all having. Grab your coffee, grab your vodka - we're diving into a currently exploited-in-the-wild critical Authentication Bypass affecting foRtinet's (we are returning the misspelling gesture 🥰) flagship...
a month ago
26

Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day
It is not just APTs that like to target telephone systems, but ourselves at watchTowr too. We can't overstate the consequences of an attacker crossing the boundary from the 'computer system' to the 'telephone system'. We've seen attackers realise this in 2024,
3 months ago
25

8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur
Surprise surprise, we've done it again. We've demonstrated an ability to compromise significantly sensitive networks, including governments, militaries, space agencies, cyber security companies, supply chains, software development systems and environments, and more. “Ugh, won’t...
a month ago
24

Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575
It’s been a tricky time for Fortinet (and their customers) lately - arguably, even more so than usual. Adding to the steady flow of vulnerabilities in appliances recently was a nasty CVSS 9.8 vulnerability in FortiManager, their tool for central management of FortiGate...
4 months ago
22

Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474
It'll be no surprise that 2024, 2023, 2022, and every other year of humanity's existence has been tough for SSLVPN appliances. Anyhow, there are new vulnerabilities (well, two of them) that are being exploited in the Palo Alto Networks firewall and SSLVPN offering, and as ever,...
4 months ago
19

Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops...
Well, we’re back again, with yet another fresh-off-the-press bug chain (and associated Interactive Artifact Generator). This time, it’s in Citrix’s “Virtual Apps and Desktops” offering. This is a tech stack that enables end-users (and likely, your friendly neighbourhood...
4 months ago
18

The Best Security Is When We All Agree To Keep Everything Secret (Except The Secrets) - NAKIVO...
As an industry, we believe that we’ve come to a common consensus after 25 years of circular debates - disclosure is terrible, information is actually dangerous, it’s best that it’s not shared, and the only way to really ensure that no one ever
4 weeks ago
16

Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In...
Today we'd like to share a recent journey into (yet another) SSLVPN appliance vulnerability - a Format String vulnerability, unusually, in Fortinet's FortiGate devices. It affected (before patching) all currently-maintained branches, and recently was highlighted by CISA as...
5 months ago
13

IBM QRadar - When The Attacker Controls Your Security Stack (CVE-2022-26377)
Welcome to April 2024. A depressing year so far - we've seen critical vulnerabilities across a wide range of enterprise software stacks. In addition, we've seen surreptitious and patient threat actors light our industry on fire with slowly introduced backdoors in the XZ...
11 months ago
12

Auth. Bypass In (Un)Limited Scenarios - Progress MOVEit Transfer (CVE-2024-5806)
In the early hours of a day in a month in 2024, watchTowr Labs was sent a chat log: 13:37 -!- dav1d_bl41ne [def_not_phalanx@kernel.org] has joined #!hack (irc.efnet.nl) 13:37 -!- dav1d_bl41ne changed the topic of #!hack to: mag1c sh0w
9 months ago
12

We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
Welcome back to another watchTowr Labs blog. Brace yourselves, this is one of our most astounding discoveries. Summary What started out as a bit of fun between colleagues while avoiding the Vegas heat and $20 bottles of water in our Black Hat hotel rooms - has now seemingly...
6 months ago
12

No Way, PHP Strikes Again! (CVE-2024-4577)
Orange Tsai tweeted a few hours ago about “One of [his] PHP vulnerabilities, which affects XAMPP by default”, and we were curious to say the least. XAMPP is a very popular way for administrators and developers to rapidly deploy Apache, PHP, and a bunch of other tools, and
9 months ago
11

“To live is to fight, to fight is to live!” - IBM ODM Remote Code Execution
In previous blogs, we’ve discussed some of the big players in the enterprise software space, but there is one that we have not mentioned before, that is - quite frankly - the heavy-weight champion of the world in terms of applications for large enterprises. With over a hundred
a year ago
10

Check Point - Wrong Check Point (CVE-2024-24919)
Gather round, gather round - it’s time for another blogpost tearing open an SSLVPN appliance and laying bare a recent in-the-wild exploited bug. This time, it is Check Point who is the focus of our penetrative gaze. Check Point, for those unaware, is the vendor responsible for...
10 months ago
9

Bypassing Authentication Like It’s The ’90s - Pre-Auth RCE Chain(s) in Kentico Xperience CMS
I recently joined watchTowr, and it is, therefore, time - time for my first watchTowr Labs blogpost, previously teased in a tweet of a pre-auth RCE chain affecting some ‘unknown software’. Joining the team, I wanted to maintain the trail of destruction left by the watchTowr Labs...
a week ago
9

QNAP QTS - QNAPping At The Wheel (CVE-2024-27130 and friends)
Infosec is, at its heart, all about that data. Obtaining access to it (or disrupting access to it) is in every ransomware gang and APT group’s top-10 to-do-list items, and so it makes sense that our research voyage would, at some point, cross paths with products
10 months ago
9

Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Every sysadmin is familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’. Unfortunately, so is every ransomware operator, given its somewhat 'privileged position' in the storage world of most enterprises' networks. There's no point deploying...
6 months ago
8

Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400)
Welcome to April 2024, again. We’re back, again. Over the weekend, we were all greeted by now-familiar news—a nation-state was exploiting a “sophisticated” vulnerability for full compromise in yet another enterprise-grade SSLVPN device. We’ve seen all the commentary around the...
11 months ago
7

By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication...
It’s us again! Once again, we hear the collective groans - but we're back and with yet another merciless pwnage of an inspired and clearly comprehensive RCE solution - no, wait, it's another vuln in yet another backup and replication solution. While we would
a week ago
7