Vulnerability Analysis
In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.
568 articles
Progress WS_FTP CVE-2023-40044: Another File Transfer Platform Falls to Pre-Auth RCE
A critical deserialization vulnerability in Progress WS_FTP Server allowed unauthenticated RCE. Coming after MOVEit, it proved that file transfer platforms remain a systemic weak point.
WinRAR Zero-Day CVE-2023-38831: Weaponized Archives in the Wild
A WinRAR vulnerability exploited since April 2023 allowed attackers to execute arbitrary code when users opened seemingly harmless files inside ZIP archives.
Ivanti EPMM Zero-Day CVE-2023-35078: Norwegian Government Breach
A critical authentication bypass in Ivanti's Endpoint Manager Mobile was exploited to breach Norwegian government agencies, earning a perfect CVSS 10.0 score.
Zenbleed: AMD CPU Vulnerability Leaks Data Across Processes (CVE-2023-20593)
A speculative execution bug in AMD Zen 2 processors allows attackers to steal sensitive data at 30KB per core per second, affecting cloud environments and shared infrastructure.
Citrix NetScaler Zero-Day CVE-2023-3519: Mass Exploitation in the Wild
CVE-2023-3519 allowed unauthenticated remote code execution on Citrix NetScaler ADC and Gateway devices, leading to widespread exploitation and CISA emergency directives.
Zimbra Collaboration CVE-2023-37580: XSS Zero-Day Exploited by Four Nation-State Groups
A reflected XSS vulnerability in Zimbra Collaboration was exploited by four distinct threat groups targeting government organizations worldwide. The campaign showed how even 'low severity' bugs enable espionage.
Microsoft Teams Vulnerability: External Tenant Attacks and the Collaboration Security Gap
Researchers demonstrated that Microsoft Teams' default configuration allowed external attackers to deliver malware directly to employees, bypassing email security controls entirely.
Progress MOVEit: Second Critical Vulnerability Discovered Amid Breach Fallout
While organizations were still reeling from the first MOVEit zero-day, a second critical vulnerability was found — raising questions about the product's security.
Barracuda ESG Zero-Day CVE-2023-2868: When Patching Isn't Enough
Barracuda told customers to physically replace compromised Email Security Gateway appliances. The vulnerability had been exploited since October 2022.
FortiGate CVE-2023-27997: Critical Heap Overflow in SSL VPN
A pre-authentication heap overflow in FortiOS SSL VPN allowed remote code execution on hundreds of thousands of internet-facing firewalls.
MOVEit Transfer CVE-2023-34362: The Zero-Day That Hit Thousands
The MOVEit Transfer SQL injection zero-day exploited by Cl0p ransomware gang became 2023's most impactful vulnerability. Here's the full technical analysis.
CISA KEV Catalog: One Year Analysis of Known Exploited Vulnerabilities
After one year, the CISA KEV catalog has reshaped how organizations prioritize patching. Here's what the data tells us about real-world exploitation.