| 2025-01-30 | Guy Bruneau | PCAPs or It Didn't Happen: Exposing an Old Netgear Vulnerability Still Active in 2025 [Guest Diary] |
| 2024-12-11 | Guy Bruneau | Vulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813 [Guest Diary] |
| 2024-08-20 | Johannes Ullrich | Where are we with CVE-2024-38063: Microsoft IPv6 Vulnerability |
| 2024-04-17 | Rob VandenBrink | The CVE's They are A-Changing! |
| 2024-04-17 | Rob VandenBrink | A Vuln is a Vuln, unless the CVE for it is after Feb 12, 2024 |
| 2023-11-30 | John Bambenek | Prophetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today |
| 2023-11-22 | Guy Bruneau | CVE-2023-1389: A New Means to Expand Botnets |
| 2023-11-06 | Johannes Ullrich | Exploit Activity for CVE-2023-22518, Atlassian Confluence Data Center and Server |
| 2023-08-28 | Didier Stevens | Analysis of RAR Exploit Files (CVE-2023-38831) |
| 2023-07-12 | Brad Duncan | Loader activity for Formbook "QM18" |
| 2023-06-17 | Brad Duncan | Formbook from Possible ModiLoader (DBatLoader) |
| 2023-05-14 | Guy Bruneau | VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue |
| 2023-03-25 | Guy Bruneau | Microsoft Released an Update for Windows Snipping Tool Vulnerability |
| 2023-02-22 | Johannes Ullrich | Internet Wide Scan Fingerprinting Confluence Servers |
| 2023-01-11 | Jan Kopriva | Passive detection of internet-connected systems affected by vulnerabilities from the CISA KEV catalog |
| 2022-12-22 | Guy Bruneau | Exchange OWASSRF Exploited for Remote Code Execution |
| 2022-12-16 | Guy Bruneau | VMware Security Updates |
| 2022-08-14 | Johannes Ullrich | Realtek SDK SIP ALG Vulnerability: A Big Deal, but not much you can do about it. CVE 2022-27255 |
| 2022-06-09 | Brad Duncan | TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt) |
| 2022-05-13 | Johannes Ullrich | From 0-Day to Mirai: 7 days of BIG-IP Exploits |
| 2022-04-28 | Johannes Ullrich | A Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809 |
| 2022-04-14 | Johannes Ullrich | An Update on CVE-2022-26809 - MSRPC Vulnerabliity - PATCH NOW |
| 2022-02-26 | Guy Bruneau | Using Snort IDS Rules with NetWitness PacketDecoder |
| 2022-01-12 | Johannes Ullrich | A Quick CVE-2022-21907 FAQ |
| 2021-12-18 | Guy Bruneau | VMware Security Update - https://www.vmware.com/security/advisories/VMSA-2021-0030.html |
| 2021-12-14 | Johannes Ullrich | Log4j: Getting ready for the long haul (CVE-2021-44228) |
| 2021-11-26 | Guy Bruneau | Searching for Exposed ASUS Routers Vulnerable to CVE-2021-20090 |
| 2021-11-20 | Guy Bruneau | Hikvision Security Cameras Potentially Exposed to Remote Code Execution |
| 2021-10-30 | Guy Bruneau | Remote Desktop Protocol (RDP) Discovery |
| 2021-10-16 | Guy Bruneau | Apache is Actively Scan for CVE-2021-41773 & CVE-2021-42013 |
| 2021-10-06 | Johannes Ullrich | Apache 2.4.49 Directory Traversal Vulnerability (CVE-2021-41773) |
| 2021-06-26 | Guy Bruneau | CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability |
| 2021-02-24 | Brad Duncan | Malspam pushes GuLoader for Remcos RAT |
| 2021-01-11 | Rob VandenBrink | Using the NVD Database and API to Keep Up with Vulnerabilities and Patches - Tool Drop: CVEScan (Part 3 of 3) |
| 2021-01-07 | Rob VandenBrink | Using the NIST Database and API to Keep Up with Vulnerabilities and Patches (Part 1 of 3) |
| 2021-01-07 | Rob VandenBrink | Directly related to today's main story on CPE/CVEs - Code Exec in Cisco Jabber, all platforms https://nvd.nist.gov/vuln/detail/CVE-2020-26085 |
| 2020-12-18 | Jan Kopriva | A slightly optimistic tale of how patching went for CVE-2019-19781 |
| 2020-11-21 | Guy Bruneau | VMware privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) - https://www.vmware.com/security/advisories/VMSA-2020-0026.html |
| 2020-11-16 | Jan Kopriva | Heartbleed, BlueKeep and other vulnerabilities that didn't disappear just because we don't talk about them anymore |
| 2020-10-29 | Johannes Ullrich | PATCH NOW: CVE-2020-14882 Weblogic Actively Exploited Against Honeypots |
| 2020-10-28 | Jan Kopriva | SMBGhost - the critical vulnerability many seem to have forgotten to patch |
| 2020-08-08 | Guy Bruneau | Scanning Activity Include Netcat Listener |
| 2020-08-04 | Johannes Ullrich | Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues |
| 2020-07-22 | Rick Wanner | A few IoCs related to CVE-2020-5902 |
| 2020-07-15 | Johannes Ullrich | PATCH NOW - SIGRed - CVE-2020-1350 - Microsoft DNS Server Vulnerability |
| 2020-07-06 | Johannes Ullrich | Summary of CVE-2020-5902 F5 BIG-IP RCE Vulnerability Exploits |
| 2020-05-28 | Xavier Mertens | Flashback on CVE-2019-19781 |
| 2020-05-14 | Rob VandenBrink | Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe |
| 2020-01-16 | Bojan Zdrnja | Summing up CVE-2020-0601, or the Let?s Decrypt vulnerability |
| 2020-01-15 | Johannes Ullrich | CVE-2020-0601 Followup |
| 2020-01-13 | Didier Stevens | Citrix ADC Exploits: Overview of Observed Payloads |
| 2020-01-11 | Johannes Ullrich | Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor |
| 2020-01-07 | Johannes Ullrich | A Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability) |
| 2019-11-06 | Brad Duncan | More malspam pushing Formbook |
| 2019-06-19 | Johannes Ullrich | Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729 |
| 2019-05-22 | Johannes Ullrich | An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps] |
| 2019-04-28 | Johannes Ullrich | Update about Weblogic CVE-2019-2725 (Exploits Used in the Wild, Patch Status) |
| 2019-03-09 | Guy Bruneau | A Comparison Study of SSH Port Activity - TCP 22 & 2222 |
| 2019-02-02 | Guy Bruneau | Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269 |
| 2018-08-20 | Didier Stevens | OpenSSH user enumeration (CVE-2018-15473) |
| 2018-05-22 | Guy Bruneau | VMware updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue - https://www.vmware.com/security/advisories/VMSA-2018-0012.html |
| 2018-05-04 | Lorna Hutcheson | Vulnerabilities on the Rise? |
| 2017-12-30 | Xavier Mertens | 2017, The Flood of CVEs |
| 2017-05-18 | Xavier Mertens | My Little CVE Bot |
| 2016-10-22 | Guy Bruneau | Request for Packets TCP 4786 - CVE-2016-6385 |
| 2016-07-17 | Guy Bruneau | Juniper -> Junos: Self-signed certificate with spoofed trusted Issuer CN accepted as valid - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10755&actp=search |
| 2016-02-13 | Guy Bruneau | VMware VMSA-2015-0007.3 has been Re-released |
| 2016-01-31 | Guy Bruneau | OpenSSL 1.0.2 Advisory and Update |
| 2016-01-30 | Xavier Mertens | All CVE Details at Your Fingertips |
| 2015-07-12 | Guy Bruneau | PHP 5.x Security Updates |
| 2015-06-16 | John Bambenek | CVE-2014-4114 and an Interesting AV Bypass Technique |
| 2015-04-15 | Johannes Ullrich | MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW |
| 2015-01-27 | Johannes Ullrich | New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST) |
| 2014-09-25 | Johannes Ullrich | Update on CVE-2014-6271: Vulnerability in bash (shellshock) |
| 2014-09-24 | Pedro Bueno | Attention *NIX admins, time to patch! |
| 2014-06-12 | Guy Bruneau | BIND Security Update for CVE-2014-3859 |
| 2014-06-12 | Johannes Ullrich | Metasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.) |
| 2014-04-08 | Guy Bruneau | OpenSSL CVE-2014-0160 Fixed |
| 2014-03-24 | Johannes Ullrich | New Microsoft Advisory: Unpatched Word Flaw used in Targeted Attacks |
| 2014-03-02 | Stephen Hall | Symantec goes yellow |
| 2013-10-01 | John Bambenek | *Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893 |
| 2013-09-20 | Russ McRee | Threat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild |
| 2013-08-16 | Kevin Liston | CVE-2013-2251 Apache Struts 2.X OGNL Vulnerability |
| 2013-06-01 | Guy Bruneau | Exploit Sample for Win32/CVE-2012-0158 |
| 2013-05-20 | Guy Bruneau | Safe - Tools, Tactics and Techniques |
| 2013-05-09 | Johannes Ullrich | Microsoft released a Fix-it for the Internet Explorer 8 Vulnerability http://support.microsoft.com/kb/2847140 |
| 2013-02-11 | John Bambenek | OpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/ |
| 2013-01-19 | Guy Bruneau | Java 7 Update 11 Still has a Flaw |
| 2013-01-04 | Guy Bruneau | "FixIt" Patch for CVE-2012-4792 Bypassed |
| 2012-09-23 | Tony Carothers | Update for CVE-2012-3132 |
| 2012-06-20 | Raul Siles | CVE-2012-0217 (from MS12-042) applies to other environments too |
| 2012-06-18 | Guy Bruneau | CVE-2012-1875 exploit is now available |
| 2012-05-25 | Guy Bruneau | Technical Analysis of Flash Player CVE-2012-0779 |
| 2012-04-19 | Kevin Shortt | OpenSSL Security Advisory - CVE-2012-2110 |
| 2012-02-09 | Richard Porter | DNS Ghost Domains, How I loath you so! |
| 2012-01-12 | Rob VandenBrink | PHP 5.39 was release on the 10th, amongst other things, it addresses CVE-2011-4885 (prevents attacks based on hash collisions) and CVE-2011-4566 (integer overflow when parsing invalid exif header) |
| 2011-10-06 | Rob VandenBrink | Apache HTTP Server mod_proxy reverse proxy issue |
| 2011-05-27 | Kevin Liston | Managing CVE-0 |
| 2011-04-28 | Chris Mohan | Gathering and use of location information fears - or is it all a bit too late |
| 2011-02-23 | Manuel Humberto Santander Pelaez | Bind DOS vulnerability (CVE-2011-0414) |
| 2010-11-16 | Guy Bruneau | OpenSSL TLS Extension Parsing Race Condition |
| 2010-10-30 | Guy Bruneau | Security Update for Shockwave Player |
| 2010-10-28 | Manuel Humberto Santander Pelaez | CVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability |
| 2010-09-17 | Robert Danford | Circa 2007 Linux Kernel Vulnerability Resurfaces (Was CVE-2007-4573, Now CVE-2010-3301) |
| 2010-09-13 | Manuel Humberto Santander Pelaez | Adobe SING table parsing exploit (CVE-2010-2883) in the wild |
| 2010-09-12 | Manuel Humberto Santander Pelaez | Adobe Acrobat pushstring Memory Corruption paper |
| 2010-09-08 | John Bambenek | Adobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory |
| 2010-08-25 | Pedro Bueno | Adobe released security update for Shockwave player that fix several CVEs: APSB1020 |
| 2010-07-20 | Manuel Humberto Santander Pelaez | iTunes buffer overflow vulnerability |
| 2010-06-15 | Manuel Humberto Santander Pelaez | Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild |
| 2010-01-19 | Jim Clausing | The IE saga continues, out-of-cycle patch coming soon |
| 2010-01-15 | Kevin Liston | Exploit code available for CVE-2010-0249 |
| 2010-01-12 | Adrien de Beaupre | PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability |
| 2010-01-04 | Bojan Zdrnja | Sophisticated, targeted malicious PDF documents exploiting CVE-2009-4324 |
| 2009-05-28 | Stephen Hall | Microsoft DirectShow vulnerability |
