
Posts by Rishi

Fortinet recommends that you install hotfixes for EMS 7.4.5 / 7.4.6 as per their advisory:
www.fortiguard.com/psirt/FG-IR-...

3 hours ago 0 0 0 0

🚨 Forticlient EMS Zero Day disclosed minutes ago, actively being exploited in the wild as reported by @DefusedCyber & @Fortinet

I've created a vulnerability detection script to check for vulnerable instances:
github.com/rxerium/rxer...

3 hours ago 1 0 1 0

Note: these queries only surface public repos that explicitly committed the affected versions. The impact is far wider.

4 days ago 1 0 0 0
axios Compromised on npm - Malicious Versions Drop Remote Access Trojan - StepSecurity Hijacked maintainer account used to publish poisoned axios releases including 1.14.1 and 0.30.4. The attacker injected a hidden dependency that drops a cross platform RAT. We are actively…

Full technical analysis from StepSecurity:
www.stepsecurity.io/blog/axios-c...

4 days ago 0 0 0 0

🚨 Axios was hit by a supply chain attack as of the early hours of this morning.

I'm currently hunting affected repos on GitHub, here is what I have so far:

Vulnerable versions (via package.json):
github.com/search?q=%2F...

Presence of plain-crypto-js:
github.com/search?q=pla...

4 days ago 1 0 2 0

🚨 CVE-2026-21643 an SQL Injection vulnerability (CVSS 9.8) is seeing active exploitation in the wild as reported by @DefusedCyber

Vulnerability detection script available here:
github.com/rxerium/rxer...

Upgrade to 7.4.5 or later as reported by Fortinet:
fortiguard.fortinet.com/psirt/FG-IR-...

4 days ago 0 0 0 0
rxerium-templates/2026/CVE-2026-3055.yaml at main · rxerium/rxerium-templates Nuclei scripts created by @rxerium for zero days / actively exploited vulnerabilities. - rxerium/rxerium-templates

🚨 CVE-2026-3055 (CVSS 9.3), an unauth memory overread vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway appliances that could see active exploitation itw

Vulnerability detection script:
github.com/rxerium/rxer...

Patches are available:
support.citrix.com/support-home...

1 week ago 1 1 0 0
UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day | Google Cloud Blog UNC6201 utilizes a newly discovered zero-day in Dell RecoverPoint for Virtual Machines to deliver BRICKSTORM and subsequently backdoors.

Dell recommends upgrading to version 6.0.3.1 HF1 or later. Mitigations are also available.

Mandiant report:
cloud.google.com/blog/topics/...

1 month ago 0 0 0 0

🚨 Mandiant have identified zero-day exploitation of a high-risk vulnerability in Dell RecoverPoint for Virtual Machines, tracked as CVE-2026-22769.

RecoverPoint can be detected using this Nuclei template:
github.com/projectdisco...

Very limited exposure to the internet.

1 month ago 0 0 1 0

Yet another critical vulnerability in n8n - CVE-2026-25049 (CVSS 9.4).

Vulnerability detection script here:
github.com/rxerium/rxer...

Patched versions are 1.123.17 / 2.5.2 as per:
github.com/n8n-io/n8n/s...

1 month ago 1 0 0 0

🚨 2 new vulnerability scripts created for the n8n vulnerabilities disclosed today:

CVE-2026-1470:
github.com/rxerium/rxer...

CVE-2026-0863:
github.com/rxerium/rxer...

Happy hunting.

2 months ago 0 0 0 0
WHD 2026.1 release notes SOLARWINDS ACADEMY

No signs of active exploitation in the wild yet, but it is strongly recommended that you patch as per SolarWinds' security advisory:
documentation.solarwinds.com/en/success_c...

2 months ago 0 0 0 0

🚨 2 critical authentication bypass and RCE vulns in Solarwinds WHD have been disclosed.

Detection scripts can be found below:
CVE-2025-40552:
github.com/rxerium/rxer...

CVE-2025-40554:
github.com/rxerium/rxer...

2 months ago 0 0 1 0

🔎 With all the recent buzz around Clawdbot, I've created a Nuclei template to detect this product:
github.com/projectdisco...

Currently, there are 240 exposed instances (via Shodan) accessible on the internet at the time of posting, but I expect that number to grow:
www.shodan.io/search?query...

2 months ago 1 0 0 0
DNS Based OSINT Techniques for Product and Service Discovery - Rishi C YouTube video by OWASP London

Many thanks to Rishi C (@rxerium.com) for presenting his talk: "DNS Based #OSINT Techniques for Product and Service Discovery" at our meetup last week.

The video recording of the talk is available to watch 📺 on the #OWASPLondon YouTube Channel [PLEASE SUBSCRIBE!]:
👇
www.youtube.com/watch?v=lGO3...

2 months ago 2 3 0 0

Compete with 200 others and put your investigation skills to the test!

CTFs are one of the best ways to develop real-world OSINT skills. You’ll learn new techniques, discover useful tools, and practice creative problem-solving in realistic scenarios.

Join the UK OSINT Community CTF today 👇

2 months ago 2 0 0 0

🚨 CVE-2025-64155: Critical unauthenticated OS command injection in Fortinet FortiSIEM - CVSS 9.4

I've created a vulnerability detection script here:
github.com/rxerium/rxer...

Fortinet's advisory
fortiguard.fortinet.com/psirt/FG-IR-...

2 months ago 2 0 0 0

🚨 Critical (CVSS 9.6) vulnerability in Appsmith allows account takeover via Origin header manipulation in password reset/email verification flows.

I've created a vulnerability detection script here:
github.com/rxerium/rxer...

Reference:
github.com/appsmithorg/...

2 months ago 0 0 0 0

Following the recently released CTF challenge from the UK OSINT Community, Joshua Richards will be walking through the approach, key decisions, and OSINT techniques used step by step.

Join us tomorrow at 5PM GMT on the Discord for a live walkthrough.

Join the Discord: osint.uk/join

2 months ago 2 0 0 0

🚨 Yet another critical (CVSS 10) vulnerability affecting n8n instances tagged as CVE-2026-21877.

Vulnerability detection script here:
github.com/rxerium/rxer...

The issue has been resolved in n8n version 1.121.3.

Advisory:
github.com/advisories/G...

2 months ago 0 0 0 0

🚨 CVE-2025-52691 (CVSS 10) in SmarterMail allows unauthenticated arbitrary file upload leading to RCE.

Affects Build ≤9406. Update to 9413+.

Detection script: github.com/rxerium/CVE-2025-52691

CSA Alert: www.csa.gov.sg/alerts-and-a...

3 months ago 1 0 0 0

🚨 Critical RCE (CVSS 10) vulnerability affecting n8n instances: CVE-2025-68613

I've created a vulnerability detection script here:
github.com/rxerium/CVE-...

Advisory:
github.com/n8n-io/n8n/s...

3 months ago 1 1 0 0

🇵🇹✈️ Next stop: Portugal

I’m honoured to be delivering a workshop-style talk on DNS-based OSINT techniques at BSides Porto this Saturday, 29 November!

If you’re attending, I’d love to meet up and discuss all things cyber!

Looking forward to seeing you there 👋

4 months ago 1 0 0 0

Is your AI coding agent a security expert?

20+ Claude Code skills:
SAST • DAST • SCA • Secrets • Containers • Policy • Offensive Security - and more!

Looking for testers and contributors 👀

github.com/AgentSecOps/...

#DevSecOps #AI #Security #OpenSource #ClaudeCodeSkills #AgentSecOps #Claude

4 months ago 5 1 0 0
Active Exploitation of Gladinet CentreStack and Triofox Local File Inclusion Flaw | Huntress Huntress has observed in-the-wild exploitation of a Local File Inclusion vulnerability in Gladinet CentreStack and Triofox products.

**No patch is available yet, but affected organisations should implement the mitigation immediately**

huntress.com/blog/gladine...

5 months ago 0 0 0 0

🚨 Active Exploitation of Gladinet CentreStack and Triofox Local File Inclusion Flaw (CVE-2025-11371)

I've created a vulnerability detection script here: github.com/rxerium/CVE-...

As reported by Huntress this is an unauthenticated Local File Inclusion flaw in Gladinet CentreStack and Triofox.

5 months ago 1 0 1 0

Here is the current exposure for E-Business Suite (via Shodan):
shodan.io/search?query...

5 months ago 0 0 0 0

Patches are available as per Oracle's Security Advisory:
oracle.com/security-ale...

5 months ago 0 0 1 0
GitHub - rxerium/CVE-2025-61882: Detection for CVE-2025-61882 Detection for CVE-2025-61882. Contribute to rxerium/CVE-2025-61882 development by creating an account on GitHub.

🚨 Critical zero-day tagged as CVE-2025-61882 (CVSS 9.8) affecting Oracle E-Business Suite

I've created a vulnerability detection script here:
github.com/rxerium/CVE-...

This vulnerability is remotely exploitable without authentication.

5 months ago 3 0 1 0

Solarwinds critical vuln - CVE-2025-26399

"Given SolarWinds’ past, in-the-wild exploitation is highly likely" as being reported by WatchTowr Labs

I've created a detection script for this vuln:
github.com/rxerium/CVE-...

128 currently vulnerable across 22 countries / 90 cities:

6 months ago 2 0 0 0