Well, we’re back again, with yet another fresh-off-the-press bug chain (and associated Interactive Artifact Generator). This time, it’s in Citrix’s “Virtual Apps and Desktops” offering. This is a tech stack that enables end-users (and likely, your friendly neighbourhood ransomware gang) to access

8 months ago 31 votes

More from watchTowr Labs

SysOwned, Your Friendly Support Ticket - SysAid On-Premise Pre-Auth RCE Chain (CVE-2025-2775 And Friends)

It’s… another week, and another vendor who is apparently experienced with ransomware gangs but yet struggles with email. In what we've seen others term "the watchTowr treatment", we are once again (surprise, surprise) disclosing vulnerability research that allowed us to gain pre-authenticated Remote

3 months ago 31 votes
SonicBoom, From Stolen Tokens to Remote Shells - SonicWall SMA (CVE-2023-44221, CVE-2024-38475)

Another day, another edge device being targeted - it’s a typical Thursday! In today’s blog post, we’re excited to share our previously private analysis of the now exploited in-the-wild N-day vulnerabilities affecting SonicWall’s SMA100 appliance. Over the last few months, our client

3 months ago 19 votes
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028)

As we pack our bags and prepare for the adult-er version of BlackHat (that apparently doesn’t require us to print out stolen mailspoolz to hand to people at their talks), we want to tell you about a recent adventure - a heist, if you will. No heist story

3 months ago 49 votes
Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457)

What's that Skippy? Another Ivanti Connect Secure vulnerability? At this point, regular readers will know all about Ivanti (and a handful of other vendors of the same class of devices), from our regular analysis. Do you know the fun things about these posts? We can copy text from

4 months ago 44 votes
XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748)

We know what you’re waiting for - this isn’t it. Today, we’re back with more tales of our adventures in Kentico’s Xperience CMS. Due to its wide usage, the type of solution, and the types of enterprises using this solution

4 months ago 46 votes

More in technology

A robotic hand with the dexterity to sign the whole ASL alphabet

Even if we ignore intelligence, humans are able to speak when other animals — even other great apes — can’t, because of our specialized and complex vocal anatomy. Similarly, ASL (American Sign Language) wouldn’t be possible without our incredible hand and finger dexterity. Like any other complex physiological system, that is difficult to recreate artificially. […] The post A robotic hand with the dexterity to sign the whole ASL alphabet appeared first on Arduino Blog.

18 hours ago 3 votes
Practical Computing Interviewed Alan Sugar (1985)

A Quick Look Behind the Scenes at Amstrad.

18 hours ago 3 votes
Updated Arduino cores with ZephyrOS (beta)

Last December we released our beta Arduino cores based on Zephyr. Today, we are excited to make another step in this beta program for Arduino cores based on Zephyr! ZephyrOS is an open-source, state-of-the-art, real-time operating system (RTOS) designed for low-power, resource-constrained devices. We are transitioning Arduino cores to ZephyrOS to ensure continued support and […] The post Updated Arduino cores with ZephyrOS (beta) appeared first on Arduino Blog.

2 days ago 5 votes
How to run Uptime Kuma in Docker in an IPv6-only environment

I use Uptime Kuma to check the availability of a few services that I run, with the most important one being my blog. It’s really nice. Today I wanted to set it up on a different machine to help troubleshoot and confirm some latency issues that I’ve observed, and for that purpose I picked the cheapest ARM-based Hetzner Cloud VM hosted in Helsinki, Finland. Hetzner provides a public IPv6 address for free, but you have to pay extra for an IPv4 address. I didn’t want to do that out of principle, so I went ahead and copied my Docker Compose definition over to the new server.

For some reason, Uptime Kuma would start up on the new IPv6-only VM, but it was unsuccessful in making requests to my services, which support both IPv4 and IPv6. The requests would time out and show up as “Pending” in the UI, and the service logs complained about not being able to deliver e-mails about the failures. I confirmed IPv6 connectivity within the container by running docker exec -it uptime-kuma bash and running a few curl and ping commands with IPv6 flags, and had no issues with those. When I added a public IPv4 address to the container, everything started working again.

I fixed the issue by explicitly disabling the IPv4 network in the Docker Compose service definition, and that did the trick: Uptime Kuma made successful requests towards my services. It seems that the service defaults to IPv4 due to the internal Docker network giving it an IPv4 network to work with, and that causes issues when your machine doesn’t have any IPv4 network or public IPv4 address associated with it.

Here’s an example Docker Compose file:

    name: uptime-kuma
    services:
      uptime-kuma:
        container_name: uptime-kuma
        networks:
          - uptime-kuma
        ports:
          - "3001:3001"
        volumes:
          - /path/to/your/storage:/app/data
        image: docker.io/louislam/uptime-kuma
        restart: always
    networks:
      uptime-kuma:
        enable_ipv6: true
        # Disable IPv4 on the container network so the service uses IPv6
        enable_ipv4: false

That’s it!
If you’re interested in different ways to set up IPv6 networking in Docker, check out this overview that I wrote a while ago.

3 days ago 6 votes
This inexpensive adapter brings Apple Universal Control to vintage Macs

In the distant past of about two decades ago, one would need to use a KVM (Keyboard, Video, Mouse) switch to control multiple computers with the same mouse and keyboard — and even then, it would take a button press to move from one to the other. Today, Apple’s Universal Control feature lets users seamlessly […] The post This inexpensive adapter brings Apple Universal Control to vintage Macs appeared first on Arduino Blog.

4 days ago 9 votes