https://www.vulncheck.com/blogVulnCheck Blog2026-04-16T22:57:27.909Zhttps://github.com/jpmonette/feedBlog posts we have recently written or historic blog posts we have written in the past.https://www.vulncheck.com/__og-image__/image/blog/og.pngCopyright (c) 2026 VulnCheck, Inc.<![CDATA[Tracking CVEs Attributed to Anthropic Researchers and Project Glasswing]]>/blog/anthropic-glasswing-cves2026-04-15T15:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2026-04-15T15:00:00.000Z<![CDATA[CVE-2026-20079 - Cisco FMC Authentication Bypass RCE Analysis]]>/blog/cisco-fmc-auth-bypass-cve-2026-200792026-03-26T22:00:00.000ZCale Blackhttps://hosakacorp.net2026-03-26T22:00:00.000Z<![CDATA[The Return of the Kinsing]]>/blog/return-of-the-kinsing2026-03-26T14:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2026-03-26T14:00:00.000Z<![CDATA[2026 State of Exploitation: Exploiting The Network Edge]]>/blog/network-edge-device-report-20262026-03-23T14:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2026-03-23T14:00:00.000Z<![CDATA[n8n Should Have More Than One CISA KEV Entry]]>/blog/n8n-needs-more-kev2026-03-20T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2026-03-20T00:00:00.000Z<![CDATA[Herding Cats: Recent Cisco SD-WAN Manager Vulnerabilities]]>/blog/cisco-sd-wan-manager-vulns2026-03-12T00:00:00.000ZJosh Shomohttps://www.linkedin.com/in/josh-shomo-5260bb259/Caitlin Condonhttps://www.linkedin.com/in/ccondon/2026-03-12T00:00:00.000Z<![CDATA[SiftRanking Canary Intelligence]]>/blog/siftrank_canaries2026-03-02T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2026-03-02T00:00:00.000Z<![CDATA[Introducing the 2026 VulnCheck Exploit Intelligence Report]]>/blog/2026-vulncheck-exploit-intelligence-report2026-02-25T00:00:00.000ZCaitlin Condonhttps://www.linkedin.com/in/ccondon/2026-02-25T00:00:00.000Z<![CDATA[What 28 Days of Faster Vulnerability Intelligence Is Worth]]>/blog/economic-value-lead-time2026-02-11T00:00:00.000ZTanner Embryhttps://www.linkedin.com/in/tannerembry/2026-02-11T00:00:00.000Z<![CDATA[Making Serialization Gadgets by Hand - Java]]>/blog/making-java-gadgets2026-02-05T00:00:00.000ZJonathan Petersonhttps://infosec.exchange/@lobsterjerusalem2026-02-05T00:00:00.000Z<![CDATA[Metro4Shell: Exploitation of React Native’s Metro Server in the Wild]]>/blog/metro4shell_eitw2026-02-03T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2026-02-03T00:00:00.000Z<![CDATA[Street Smarts: SmarterMail ConnectToHub Unauthenticated RCE (CVE-2026-24423)]]>/blog/smartermail-connecttohub-rce-cve-2026-244232026-01-26T00:00:00.000ZCale Blackhttps://hosakacorp.net2026-01-26T00:00:00.000Z<![CDATA[VulnCheck State of Exploitation 2026]]>/blog/state-of-exploitation-20262026-01-21T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2026-01-21T00:00:00.000Z<![CDATA[How to Report a Security Vulnerability to VulnCheck]]>/blog/report-a-vulnerability2026-01-09T00:00:00.000ZWade Sparkshttps://www.linkedin.com/in/wadesparksvt/Patrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2026-01-09T00:00:00.000Z<![CDATA[FortiCloud SSO Login Bypass Vulnerabilities Exploited in the Wild]]>/blog/forticloud-sso-login-bypass2025-12-18T00:00:00.000ZCaitlin Condonhttps://www.linkedin.com/in/ccondon/2025-12-18T00:00:00.000Z<![CDATA[Tales from the Exploit Mines: Gladinet Triofox CVE-2025-12480 RCE]]>/blog/triofox-exploit-cve-2025-124802025-12-18T00:00:00.000ZCale Blackhttps://hosakacorp.net2025-12-18T00:00:00.000Z<![CDATA[What's Next: React2Shell Beyond Next.js]]>/blog/react2shell-beyond-nextjs2025-12-16T00:00:00.000ZJonathan Petersonhttps://infosec.exchange/@lobsterjerusalemCale Blackhttps://hosakacorp.net2025-12-16T00:00:00.000Z<![CDATA[Critical CVEs, CVSS v4, and the Adoption Gap No One Talks About]]>/blog/cvss-severity2025-12-15T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2025-12-15T00:00:00.000Z<![CDATA[React2Shell Exploits on GitHub]]>/blog/react2shell-github2025-12-12T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2025-12-12T00:00:00.000Z<![CDATA[React2Shell and What Our Canaries See]]>/blog/react2shell-canaries2025-12-09T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2025-12-09T00:00:00.000Z<![CDATA[Reacting to Shells: React2Shell Variants & the CVE-2025-55182 Exploit Ecosystem]]>/blog/reacting-to-shells-react2shell-variants-ecosystem2025-12-08T00:00:00.000ZCale Blackhttps://hosakacorp.net2025-12-08T00:00:00.000Z<![CDATA[Frost Checks First: Selective Exploitation]]>/blog/frost-checks-first2025-12-04T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2025-12-04T00:00:00.000Z<![CDATA[Critical vulnerability in React and Next.js (CVE-2025-55182)]]>/blog/cve-2025-55182-react-nextjs2025-12-03T00:00:00.000ZCaitlin Condonhttps://www.linkedin.com/in/ccondon/2025-12-03T00:00:00.000Z<![CDATA[Helping Improve and Scale the CVE Ecosystem Through the Lens of Security Research]]>/blog/helping-scale-cve2025-12-02T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2025-12-02T00:00:00.000Z<![CDATA[The Mystery OAST Host Behind a Regionally Focused Exploit Operation]]>/blog/mystery-oast2025-11-27T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2025-11-27T00:00:00.000Z<![CDATA[Introducing VulnCheck Canary Intelligence]]>/blog/introducing-vulncheck-canary-intelligence2025-11-17T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2025-11-17T00:00:00.000Z<![CDATA[Fortinet FortiWeb Exploitation Hits Silently Patched Vulnerability]]>/blog/fortinet-forti-web-exploitation-hits-silently-patched-vulnerability2025-11-14T00:00:00.000ZCaitlin Condonhttps://www.linkedin.com/in/ccondon/2025-11-14T00:00:00.000Z<![CDATA[XWiki Under Increased Attack]]>/blog/xwiki-under-increased-attack2025-11-14T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2025-11-14T00:00:00.000Z<![CDATA[Making Serialization Gadgets by Hand - .NET]]>/blog/making-dotnet-gadgets2025-11-12T00:00:00.000ZJonathan Petersonhttps://infosec.exchange/@lobsterjerusalem2025-11-12T00:00:00.000Z<![CDATA[VulnCheck Research Highlights: November 2025]]>/blog/november-2025-research-highlights2025-11-05T00:00:00.000ZCaitlin Condonhttps://www.linkedin.com/in/ccondon/2025-11-05T00:00:00.000Z<![CDATA[XWiki CVE-2025-24893 Exploited in the Wild]]>/blog/xwiki-cve-2025-24893-eitw2025-10-28T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2025-10-28T00:00:00.000Z<![CDATA[Accelerating Our Footprint and Innovation: Why VulnCheck Posted a Record-Setting Q3]]>/blog/q3-2025-momentum2025-10-16T00:00:00.000ZTom Bainhttps://x.com/tmbainjr12025-10-16T00:00:00.000Z<![CDATA[ICTBroadcast Command Injection Actively Exploited (CVE-2025-2611)]]>/blog/ictbroadcast-kev2025-10-14T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2025-10-14T00:00:00.000Z<![CDATA[VulnCheck Research Highlights: October 2025]]>/blog/october-2025-research-highlights2025-10-09T00:00:00.000ZCaitlin Condonhttps://www.linkedin.com/in/ccondon/2025-10-09T00:00:00.000Z<![CDATA[THREATCON1 2025 Recap: A New Standard for Cybersecurity Events]]>/blog/2025-threatcon1-recap2025-10-06T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12025-10-06T00:00:00.000Z<![CDATA[Oracle E-Business Suite CVE-2025-61882 Exploited in Extortion Attacks]]>/blog/oracle-e-business-suite-cve-2025-61882-exploited-in-extortion-attacks2025-10-06T00:00:00.000ZCaitlin Condonhttps://www.linkedin.com/in/ccondon/2025-10-06T00:00:00.000Z<![CDATA[CVE-2025-10035: Critical Vulnerability in Fortra GoAnywhere MFT]]>/blog/cve-2025-10035-fortra-go-anywhere-mft2025-09-19T00:00:00.000ZCaitlin Condonhttps://www.linkedin.com/in/ccondon/2025-09-19T00:00:00.000Z<![CDATA[Getting Ahead of Exploitation with Initial Access Intelligence]]>/blog/vulncheck-initial-access2025-09-11T00:00:00.000ZTim Robertshttps://www.linkedin.com/in/timroberts213/2025-09-11T00:00:00.000Z<![CDATA[VulnCheck Insights: CVE Context at the Hover of Your Cursor]]>/blog/vulncheck-insights-chrome-extension2025-09-08T00:00:00.000ZKimber Dukehttps://www.linkedin.com/in/kimberduke/2025-09-08T00:00:00.000Z<![CDATA[New Citrix NetScaler Zero-Day Vulnerability Exploited in the Wild]]>/blog/new-citrix-netscaler-zero-day-vulnerability-exploited-in-the-wild2025-08-26T00:00:00.000ZCaitlin Condonhttps://www.linkedin.com/in/ccondon/2025-08-26T00:00:00.000Z<![CDATA[ScriptCase - Hunt It, Exploit It, Defend It]]>/blog/scriptcase-rce2025-08-14T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2025-08-14T00:00:00.000Z<![CDATA[Dispatch from the Desert: VulnCheck at BlackHat, Security Wasteland, and DEFCON]]>/blog/blackhat-2025-review2025-08-12T00:00:00.000ZKimber Dukehttps://www.linkedin.com/in/kimberduke/2025-08-12T00:00:00.000Z<![CDATA[Command Injection in Jenkins via Git Parameter (CVE-2025-53652)]]>/blog/git-parameter-rce2025-08-07T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2025-08-07T00:00:00.000Z<![CDATA[Still Up. Still Evil.]]>/blog/stillup-stillevil2025-07-31T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2025-07-31T00:00:00.000Z<![CDATA[State of Exploitation - A look Into The 1H-2025 Vulnerability Exploitation & Threat Activity]]>/blog/state-of-exploitation-1h-20252025-07-30T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2025-07-30T00:00:00.000Z<![CDATA[Novel Use of "mount" Spotted in Hikvision Attacks]]>/blog/hikvision-mount-shell2025-07-24T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2025-07-24T00:00:00.000Z<![CDATA[The Linuxsys Cryptominer]]>/blog/linuxsys-cryptominer2025-07-17T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2025-07-17T00:00:00.000Z<![CDATA[Expanding VulnCheck’s KEV: Auditing ShadowServer, New CVE Assignments, and Source Expansion]]>/blog/kev-expansion-20252025-07-10T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2025-07-10T00:00:00.000Z<![CDATA[VulnCheck Integrates with ThreatQuotient: Operationalize Exploit Intelligence in the ThreatQ Platform and is Now Generally Available on the ThreatQ Marketplace]]>/blog/vulncheck-threatquotient-partnership2025-07-02T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12025-07-02T00:00:00.000Z<![CDATA[Timely Threat Intelligence for Defenders with VulnCheck KEV Alerts]]>/blog/vulncheck-kev-alerts2025-06-25T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2025-06-25T00:00:00.000Z<![CDATA[CVE Fragility Is Real, But Totally Fixable.]]>/blog/cve-fragility2025-05-23T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12025-05-23T00:00:00.000Z<![CDATA[Understanding Exploit Proof-of-Concept]]>/blog/understanding-exploit-proof-of-concept2025-05-23T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12025-05-23T00:00:00.000Z<![CDATA[Understanding Initial Access Exploits]]>/blog/understanding-initial-access-exploits2025-05-23T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12025-05-23T00:00:00.000Z<![CDATA[Understanding Exploit Availability]]>/blog/understanding-exploit-availability2025-05-21T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12025-05-21T00:00:00.000Z<![CDATA[Understanding Exploit Maturity]]>/blog/understanding-exploit-maturity2025-05-21T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12025-05-21T00:00:00.000Z<![CDATA[Understanding Software Dependency Graphs]]>/blog/understanding-software-dependency-graphs2025-05-21T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12025-05-21T00:00:00.000Z<![CDATA[Understanding Software Supply Chain Security]]>/blog/understanding-software-supply-chain-security2025-05-21T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12025-05-21T00:00:00.000Z<![CDATA[Does ENISA EUVD live up to all the hype?]]>/blog/enisa-euvd2025-05-20T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2025-05-20T00:00:00.000Z<![CDATA[2025 Q1 Trends in Vulnerability Exploitation]]>/blog/exploitation-trends-q1-20252025-04-24T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2025-04-24T00:00:00.000Z<![CDATA[Understanding Command & Control (C2) Infrastructure]]>/blog/understanding-command-control-infrastructure2025-04-21T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12025-04-21T00:00:00.000Z<![CDATA[Attacker Infrastructure]]>/blog/attacker-infrastructure2025-04-18T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12025-04-18T00:00:00.000Z<![CDATA[Understanding APTs]]>/blog/understanding-apts2025-04-18T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12025-04-18T00:00:00.000Z<![CDATA[NIST’s New Deferred CVE Status: What It Means for Defenders]]>/blog/nist-nvd-deferred2025-04-14T00:00:00.000ZTony Wenzelhttps://www.linkedin.com/in/awenzel/2025-04-14T00:00:00.000Z<![CDATA[VulnCheck & Filigran: Delivering Actionable Security Intelligence for the Enterprise]]>/blog/vulncheck-filigran-parternship2025-03-27T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12025-03-27T00:00:00.000Z<![CDATA[Exploring VulnCheck Intelligence in OpenCTI]]>/blog/opencti-integration2025-03-13T00:00:00.000ZEJ Reillyhttps://www.linkedin.com/in/ej-reilly/2025-03-13T00:00:00.000Z<![CDATA[BigAnt Small Chain - CVE-2025-0364 Exploitation]]>/blog/bigant-cve-2025-03642025-02-27T00:00:00.000ZCale Blackhttps://hosakacorp.net2025-02-27T00:00:00.000Z<![CDATA[Exposing CVEs from Black Bastas' Chats]]>/blog/black-basta-chats2025-02-24T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2025-02-24T00:00:00.000Z<![CDATA[Helping Enterprises & Governments Adopt Stakeholder Specific Vulnerability Categorization (SSVC)]]>/blog/automating-ssvc2025-02-13T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2025-02-13T00:00:00.000Z<![CDATA[Zyxel HTTP Vulnerability]]>/blog/zyxel-http-vuln2025-02-07T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2025-02-07T00:00:00.000Z<![CDATA[Zyxel Telnet Vulnerabilities]]>/blog/zyxel-telnet-vulns2025-02-04T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2025-02-04T00:00:00.000Z<![CDATA[2024 Trends in Vulnerability Exploitation]]>/blog/2024-exploitation-trends2025-02-03T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2025-02-03T00:00:00.000Z<![CDATA[New Year, New UI]]>/blog/new-year-new-ui2025-01-30T00:00:00.000ZKimber Dukehttps://www.linkedin.com/in/kimberduke/2025-01-30T00:00:00.000Z<![CDATA[VulnCheck Initial Access Intelligence - 2024 Year in Review]]>/blog/vulncheck-iai-20242025-01-29T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2025-01-29T00:00:00.000Z<![CDATA[Four-Faith Industrial Router CVE-2024-12856 Exploited in the Wild]]>/blog/four-faith-cve-2024-128562024-12-27T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2024-12-27T00:00:00.000Z<![CDATA[Are the Top 25 CWEs Truly the Most Dangerous Software Weaknesses in 2024?]]>/blog/cwe-top-25-20242024-12-19T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-12-19T00:00:00.000Z<![CDATA[Active C2 Servers]]>/blog/active-c2-servers2024-12-12T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12024-12-12T00:00:00.000Z<![CDATA[Common Vulnerability Scoring System (CVSS)]]>/blog/common-vulnerability-scoring-system2024-12-12T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12024-12-12T00:00:00.000Z<![CDATA[Detecting Exploitation w/ VulnCheck Initial Access Intelligence - November 2024]]>/blog/initial-access-intelligence-november-20242024-12-11T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-12-11T00:00:00.000Z<![CDATA[A Peek Into the Known Exploited Vulnerabilities of 2024]]>/blog/comparing-kevs-jupyter2024-12-05T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-12-05T00:00:00.000Z<![CDATA[Common Vulnerabilities and Exposures]]>/blog/common-vulnerabilities-and-exposures2024-12-04T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2024-12-04T00:00:00.000Z<![CDATA[Understanding Exploits]]>/blog/understanding-exploits2024-12-04T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2024-12-04T00:00:00.000Z<![CDATA[Vulnerability Exchange Formats - CycloneDX, SPDX, VDR, and VEX]]>/blog/vulnerability-exchange-formats2024-12-04T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12024-12-04T00:00:00.000Z<![CDATA[Vulnerability Prioritization]]>/blog/vulnerability-prioritization-1012024-12-04T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-12-04T00:00:00.000Z<![CDATA[Exploit Intelligence]]>/blog/exploit-intelligence2024-12-02T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12024-12-02T00:00:00.000Z<![CDATA[ProjectSend CVE-2024-11680 Exploited in the Wild]]>/blog/projectsend-exploited-itw2024-11-26T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2024-11-26T00:00:00.000Z<![CDATA[Exploring CISA’s 2023 Top Routinely Exploited Vulnerabilities]]>/blog/cisa-top-exploited-20242024-11-22T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-11-22T00:00:00.000Z<![CDATA[Outpacing NIST NVD with VulnCheck NVD++]]>/blog/outpacing-nvd-cpe2024-11-14T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2024-11-14T00:00:00.000Z<![CDATA[Detecting Exploitation w/ VulnCheck Initial Access Intelligence - October 2024]]>/blog/initial-access-intelligence-october-20242024-11-12T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-11-12T00:00:00.000Z<![CDATA[Introducing a New Command-and-Control Feature in go-exploit: The ShellTunnel]]>/blog/go-exploit-shelltunnel2024-11-01T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2024-11-01T00:00:00.000Z<![CDATA[Exploring ABB Vulnerabilities and Their Impact on Industrial Control Systems]]>/blog/exploring-abb-ics-vulns2024-10-30T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2024-10-30T00:00:00.000Z<![CDATA[Bring VulnCheck Intelligence to Your Python and Go Apps with Our New SDKs]]>/blog/python-go-sdk2024-10-24T00:00:00.000ZEJ Reillyhttps://www.linkedin.com/in/ej-reilly/2024-10-24T00:00:00.000Z<![CDATA[Reducing Attack Surface Risk]]>/blog/reducing-attack-surface-risk-oem-series2024-10-23T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12024-10-23T00:00:00.000Z<![CDATA[Bring VulnCheck Anywhere w/ VulnCheck CLI]]>/blog/vulncheck-cli-anywhere2024-10-22T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-10-22T00:00:00.000Z<![CDATA[VulnCheck Exploited Vulnerabilities Report - September 2024]]>/blog/kev-report-september-20242024-10-13T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-10-13T00:00:00.000Z<![CDATA[VulnCheck Initial Access Intelligence Update - September 2024]]>/blog/initial-access-intelligence-september-20242024-10-09T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-10-09T00:00:00.000Z<![CDATA[Following the Trail of Flax Typhoon to Uncover Newly Discovered Vulnerabilities in Linear Emerge Access Control Devices]]>/blog/flax-typhoon-linear-merge2024-10-08T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2024-10-08T00:00:00.000Z<![CDATA[Danger is Still Lurking in the NVD Backlog]]>/blog/nvd-backlog-exploitation-lurking2024-09-30T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-09-30T00:00:00.000Z<![CDATA[Exploring Targeted Technologies and Countries of the Flax Typhoon Botnet]]>/blog/flax-typhoon-botnet2024-09-23T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-09-23T00:00:00.000Z<![CDATA[5 Ways to Enhance Your Security Product Offering with VulnCheck]]>/blog/5-ways-to-enhance-your-security-product2024-09-17T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-09-17T00:00:00.000Z<![CDATA[Intelligence is the Most Important and Most Lucrative Asset in Cybersecurity]]>/blog/mastercard-recorded-future-acquisition2024-09-13T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12024-09-13T00:00:00.000Z<![CDATA[VulnCheck Known Exploited Vulnerabilities Report - Summer 2024]]>/blog/kev-report-summer-20242024-09-12T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-09-12T00:00:00.000Z<![CDATA[VulnCheck go-exploit External C2s]]>/blog/go-exploit-external-c2s2024-09-11T00:00:00.000ZCale Blackhttps://hosakacorp.net2024-09-11T00:00:00.000Z<![CDATA[VulnCheck Initial Access Intelligence Update - August 2024]]>/blog/initial-access-intelligence-august-20242024-09-04T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-09-04T00:00:00.000Z<![CDATA[Weaponized Vulnerabilities Deserve a Seat at The Prioritization Table]]>/blog/metasploit-kev2024-08-27T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-08-27T00:00:00.000Z<![CDATA[VulnCheck and ThreatConnect - Real-time Threat Visibility and the Most Comprehensive Asset Intelligence]]>/blog/vulncheck-threatconnect-partnership2024-08-06T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12024-08-06T00:00:00.000Z<![CDATA[State of Exploitation - A Peek into 1H-2024 Vulnerability Exploitation]]>/blog/state-of-exploitation-1h-20242024-08-05T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-08-05T00:00:00.000Z<![CDATA[VulnCheck Initial Access Intelligence Update - July 2024]]>/blog/initial-access-intelligence-july-20242024-08-01T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-08-01T00:00:00.000Z<![CDATA[VulnCheck and Sevco - Real-time Threat Visibility and the Most Comprehensive Asset Intelligence]]>/blog/vulncheck-sevco2024-08-01T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12024-08-01T00:00:00.000Z<![CDATA[VulnCheck go-exploit Goes Scanless]]>/blog/vulncheck-goes-scanless2024-07-25T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2024-07-25T00:00:00.000Z<![CDATA[VulnCheck Initial Access Intelligence Update - June 2024]]>/blog/initial-access-intelligence-june-20242024-07-19T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-07-19T00:00:00.000Z<![CDATA[Top 5 Reasons to Use VulnCheck Community]]>/blog/top-5-reasons-to-use-vulncheck-community2024-07-17T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-07-17T00:00:00.000Z<![CDATA[Taking an Evidence-Based Approach to Vulnerability Prioritization]]>/blog/vulnerability-prioritization2024-06-25T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-06-25T00:00:00.000Z<![CDATA[VulnCheck Exploited Vulnerabilities Report - May 2024]]>/blog/kev-report-may-20242024-06-13T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-06-13T00:00:00.000Z<![CDATA[VulnCheck Initial Access Intelligence Update - May 2024]]>/blog/initial-access-intelligence-may-20242024-06-07T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-06-07T00:00:00.000Z<![CDATA[The Real Danger Lurking in the NVD Backlog]]>/blog/nvd-backlog-exploitation2024-05-23T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-05-23T00:00:00.000Z<![CDATA[Expanding Access to CVE Data - CVE Program’s CVE List added to VulnCheck Community]]>/blog/cve-community2024-05-16T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-05-16T00:00:00.000Z<![CDATA[State of Exploitation - A Peek into the Last Decade of Vulnerability Exploitation]]>/blog/state-of-exploitation-a-decade2024-05-05T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-05-05T00:00:00.000Z<![CDATA[Verizon's 2024 DBIR Report - Mapping Mitre Att&CK tactics and techniques to Incident Classification Patterns]]>/blog/verizon-dbir-2024-mitre2024-05-02T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-05-02T00:00:00.000Z<![CDATA[Verizon's 2024 DBIR Report - Mapping CIS Controls to Incident Classification Patterns]]>/blog/2024-verizon-dbir2024-05-01T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-05-01T00:00:00.000Z<![CDATA[VulnCheck's CPE Coverage Update (3-weeks after launch)]]>/blog/nvd-cpe-update2024-04-15T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-04-15T00:00:00.000Z<![CDATA[Enhancing Access to NIST NVD data... Introducing CPE Enrichment in VulnCheck NVD++]]>/blog/nvd-cpe2024-03-25T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-03-25T00:00:00.000Z<![CDATA[Enhancing Access to NIST NVD data... Introducing VulnCheck NVD++]]>/blog/nvd-plus-plus2024-03-14T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-03-14T00:00:00.000Z<![CDATA[Does Confluence Dream of Shells?]]>/blog/confluence-dreams-of-shells2024-03-08T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2024-03-08T00:00:00.000Z<![CDATA[Exploring the Anatomy of an Exploited CVE with VulnCheck KEV]]>/blog/the-anatomy-of-an-exploited-cve2024-02-27T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-02-27T00:00:00.000Z<![CDATA[re: Zyxel VPN Series Pre-auth Remote Command Execution]]>/blog/zyxel-cve-2023-330122024-02-21T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2024-02-21T00:00:00.000Z<![CDATA[Reimagining How We Think About Threat Actors]]>/blog/how-we-think-about-threat-actors2024-02-15T00:00:00.000ZPatrick Garrityhttps://www.linkedin.com/in/patrickmgarrity/2024-02-15T00:00:00.000Z<![CDATA[There Are Too Many Damn Honeypots]]>/blog/too-many-honeypots2024-02-02T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2024-02-02T00:00:00.000Z<![CDATA[7777-Botnet Infection Vectors]]>/blog/ip-intel-7777-botnet2024-01-18T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2024-01-18T00:00:00.000Z<![CDATA[Weaponizing Apache OFBiz CVE-2023-51467]]>/blog/ofbiz-cve-2023-514672024-01-11T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2024-01-11T00:00:00.000Z<![CDATA[Top 10 VulnCheck Research Blogs of 2023]]>/blog/top-10-20232023-12-26T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-12-26T00:00:00.000Z<![CDATA[A Log4Shell Retrospective - Overblown and Exaggerated]]>/blog/log4shell-retro2023-12-18T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-12-18T00:00:00.000Z<![CDATA[Why We Are Open-Sourcing NVD 1.0]]>/blog/nvd-why2023-12-07T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12023-12-07T00:00:00.000Z<![CDATA[Hijackable Go Module Repositories]]>/blog/go-repojacking2023-12-04T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-12-04T00:00:00.000Z<![CDATA[Executing from Memory Using ActiveMQ CVE-2023-46604]]>/blog/cve-2023-44604-activemq-in-memory2023-11-15T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-11-15T00:00:00.000Z<![CDATA[Widespread Cisco IOS XE Implants in the Wild]]>/blog/cisco-implants2023-10-17T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-10-17T00:00:00.000Z<![CDATA[Looking for CVE-2023-43261 in the Real World]]>/blog/real-world-cve-2023-432612023-10-13T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-10-13T00:00:00.000Z<![CDATA[Growth Starts with People]]>/blog/joining-vulncheck2023-10-12T00:00:00.000ZTom Bainhttps://twitter.com/tmbainjr12023-10-12T00:00:00.000Z<![CDATA[Fileless Remote Code Execution on Juniper Firewalls]]>/blog/juniper-cve-2023-368452023-09-18T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-09-18T00:00:00.000Z<![CDATA[Exposing RocketMQ CVE-2023-33246 Payloads]]>/blog/rocketmq-exploit-payloads2023-09-05T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-09-05T00:00:00.000Z<![CDATA[Exploitation of Openfire CVE-2023-32315]]>/blog/openfire-cve-2023-323152023-08-22T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-08-22T00:00:00.000Z<![CDATA[Insight into the 2022 Top Routinely Exploited Vulnerabilities VulnCheck]]>/blog/2022-top-exploited2023-08-09T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-08-09T00:00:00.000Z<![CDATA[Exploiting MikroTik RouterOS Hardware with CVE-2023-30799]]>/blog/mikrotik-foisted-revisited2023-07-25T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-07-25T00:00:00.000Z<![CDATA[Actively Exploited Industrial Control Systems Hardware - SolarView Series - Blog - VulnCheck]]>/blog/solarview-exploitation2023-07-05T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-07-05T00:00:00.000Z<![CDATA[Fake Security Researcher GitHub Repositories Deliver Malicious Implant Blog - VulnCheck]]>/blog/fake-repos-deliver-malicious-implant2023-06-14T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-06-14T00:00:00.000Z<![CDATA[Introducing go-exploit - An Exploit Framework for Go]]>/blog/go-exploit2023-05-25T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-05-25T00:00:00.000Z<![CDATA[PaperCut Exploitation - A Different Path to Code Execution]]>/blog/papercut-rce2023-05-04T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-05-04T00:00:00.000Z<![CDATA[Analysis of Pre-Auth RCE in Sophos Web Appliance (CVE-2023-1671) VulnCheck]]>/blog/cve-2023-1671-analysis2023-04-21T00:00:00.000ZWilliam Vuhttps://twitter.com/wvuuuuuuuuuuuuu2023-04-21T00:00:00.000Z<![CDATA[Finding Something New About CVE-2022-1388]]>/blog/new-cve-2022-13882023-04-13T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-04-13T00:00:00.000Z<![CDATA[A Follow-up to the Exploit-DB and 0day.today Comparison]]>/blog/exploit-database-followup2023-04-07T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-04-07T00:00:00.000Z<![CDATA[A Comparison of Exploit-DB and 0day.today]]>/blog/edb-0day-compare2023-03-31T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-03-31T00:00:00.000Z<![CDATA[Joomla! CVE-2023-23752 to Code Execution]]>/blog/joomla-for-rce2023-03-23T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-03-23T00:00:00.000Z<![CDATA[The VulnCheck 2022 Exploited Vulnerability Report - Missing CISA KEV Catalog Entries - Blog - VulnCheck Catalog Entries]]>/blog/2022-missing-kev-report2023-03-09T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-03-09T00:00:00.000Z<![CDATA[The VulnCheck 2022 Exploited Vulnerability Report - A Year Long the CISA KEV Catalog - Blog - VulnCheck Review of the CISA KEV Catalog]]>/blog/2022-cisa-kev-review2023-03-02T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-03-02T00:00:00.000Z<![CDATA[Assessing Potential Exploitation of Grafana's CVE-2021-43798 for Initial Access Access - Blog - VulnCheck]]>/blog/grafana-cve-2021-437982023-02-21T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-02-21T00:00:00.000Z<![CDATA[A Different Payload for CVE-2022-47966]]>/blog/cve-2022-47966-payload2023-02-14T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-02-14T00:00:00.000Z<![CDATA[Who to Trust? National Vulnerability Database CVSS Accuracy Issues - VulnCheck]]>/blog/cvss-accuracy-issues2023-02-02T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-02-02T00:00:00.000Z<![CDATA[Assessing Potential Exploitation of Sophos Firewall and CVE-2022-3236 Blog - VulnCheck]]>/blog/sophos-cve-2022-32362023-01-13T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2023-01-13T00:00:00.000Z<![CDATA[GLPI Exploitation Timeline]]>/blog/glpi-exploitation2022-12-21T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2022-12-21T00:00:00.000Z<![CDATA[Moobot Uses a Fake Vulnerability]]>/blog/moobot-uses-fake-vulnerability2022-12-06T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2022-12-06T00:00:00.000Z<![CDATA[Xiongmai IoT Exploitation]]>/blog/xiongmai-iot-exploitation2022-11-30T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2022-11-30T00:00:00.000Z<![CDATA[Prioritizing CISA Known Exploited Vulnerabilities]]>/blog/kev-prioritization2022-11-14T00:00:00.000ZJacob Baineshttps://twitter.com/Junior_Baines2022-11-14T00:00:00.000Z<![CDATA[Website Launch]]>/blog/website-launch2022-11-12T00:00:00.000ZAnthony Bettini2022-11-12T00:00:00.000Z