Ghost CVEs are vulnerabilities disclosed in GitHub and advisories before hitting NVD. Tracking them lets us patch threats days faster than teams waiting for official databases.

Critical RCE vulnerabilities (CVE-2026-1281 & CVE-2026-1340) have been discovered in Ivanti EPMM

A developing security situation involving Clawdbot (recently rebranded as Moltbot) - an open-source, self-hosted AI assistant.

Drawing on data from over 3,000 environments, this report ranks the six biggest vulnerabilities of 2025.

Discover how our security team uncovered complex vulnerabilities that required human expertise to detect - helping our customers stay ahead of emerging threats.

When one of our go-to resources, cvetrends.com, shut down last year, it left us with no choice but to build our own. Meet our free vulnerability intelligence resource.

Get the latest on the OpenSSH regreSSHion vulnerability (CVE-2024-6387). Intruder's Security team explain what it is, its potential impact, and what action you need to take.

Get the latest on the Progress MOVEit vulnerability (CVE-2024-5806). Intruder's Security Team explain what it is and what action you can take.

Find out all you need to know about the Check Point Security Gateways vulnerability (CVE-2024-24919): what is it, which systems are at risk, and how can Intruder help?

Get the latest on the Palo Alto GlobalProtect vulnerability (CVE-2024-3400), including how Intruder's Attack Surface view can help you check for it.

Find out everything you need to know about the xz-utils vulnerability (CVE-2024-3094) and what you should do if your systems are at risk.

Get our take on the impact of the NetScaler vulnerability, see if you're affected, and find out how to fix it.

Intruder's experts explain the severity of Cisco IOS XE zero-day vulnerability, whether you're affected, and how to mitigate any risk.

Intruder's security expert explains what the curl vulnerability is, whether you should be concerned about it, and how to identify and fix it.

Grab security updates for your Linux distributions because there's a security hole that can be easily exploited by rogue users, intruders, & malicious software to gain root access.

Phishing isn't going away any time soon. Learn about the latest attack techniques and scam examples so you can better protect your business.

Focus on these key areas to secure your environments and safeguard your success in 2023. Make sure you're only in the news when you want to be.

The OpenSSL project has pre-announced a new and critical vulnerability that will be fixed in OpenSSL version 3.0.7, expected 1 November 2022. Updates to this announcement will ...

Cybersecurity today matters so much because of everyone’s dependence on technology, from collaboration, communication and collecting data...

Spring4Shell is a critical vulnerability (CVSSv3 9.8) targetting Java’s most popular framework, Spring, and was disclosed on 31 March ...

Apache Log4j is a logging package for Java which has been widely adopted and integrated into many applications. Developers need a way of ...

Every single day around 60 new vulnerabilities are discovered in software used throughout the world. Not all are serious but just one can...

Our research shows that Mongo databases are subject to continual attacks when exposed to the internet. Attacks are carried out ...

A new critical vulnerability in affecting Windows systems came to light on Tuesday, affecting SMB services used by the latest versions of...

Over the last few days there’s been a lot of hype surrounding the recently released (and patched) VENOM vulnerability. This post hopes to…

You may have heard of the new DROWN vulnerability as it’s been in the news a fair bit over the past couple of days.

It seems that merely releasing a vulnerability with a cool logo and marketing budget isn’t enough these days. Like the movie studio behind…

You may have heard of two new MySQL vulnerabilities in the news over the past couple of days (CVE-2016–6662 & CVE-2016–6663).

Leaked from the NSA’s toolkit of private exploits, this recently disclosed Heartbleed-esque vulnerability can allow an attacker anywhere on…

You may have heard of a new Linux vulnerability named “Dirty COW” in the news today.

A number of new vulnerabilities in Memcached were recently discovered, which affect versions of the software before 1.4.33.

Intruder’s latest research reveals that up to 13,000 organisations are affected by little-known user enumeration flaws in a range of…

Yesterday (May 14th 2019), Microsoft published a security advisory bulletin for a critical vulnerability in its remote login service…

The ROBOT attack. Sounds pretty ominous, right? Choosing catchy names for web-based cryptography (TLS) vulnerabilities has become pretty…

Petya or NotPetya — How long should it take to patch against a globally recognised exploit, and why are attackers still able to use…

“We are the Team Xball and we have chosen your website/network as target for our next DDoS attack.”

On March 7th a critical vulnerability was announced in the Apache Struts framework, a popular web development toolkit that is commonly used…

The Heartbleed vulnerability, renowned for allowing hackers anywhere on the internet to access encrypted communication between websites and…

A number of vulnerabilities were recently discovered, which affect email sending functionality in the following software libraries:

A vulnerability in the PHPMailer library was recently discovered, which affects versions of the software before 5.2.18.