🚧 Planned Maintenance 🚧
The application may be unavailable for a period of time❗️

On Sunday, August 3, 2025, at 08:00 UTC ⏰, we will servicing the Netlas load balancer. In case of problems, the application may be unavailable for a couple of hours. Our team will do everything possible to prevent this.

Please remember to save your work before this time.

The $1.5 B Bybit Hack & How OSINT Cracked the Case 🔍

On February 21, 2025, the Lazarus Group tricked a Safe{Wallet} developer into approving malicious multisig transactions — netting over $1.4 billion from Bybit’s cold wallet — and covered their tracks with targeted JavaScript injection.

In our latest article, see how open-source sleuthing linked the heist to North Korea’s premier APT and learn the OSINT techniques that unraveled this record-breaking crypto theft.

👉 Read now: https://netlas.io/blog/bybit_hack

CVE-2025-53786: Elevation of Privilege in Microsoft Exchange, 8.0 rating❗️

A vulnerability in Microsoft Exchange hybrid configurations could potentially allow an attackers with high local privileges to escalate their privileges in an organization's cloud infrastructure.

Search at Netlas.io:
👉 Link: https://nt.ls/GBh5M
👉 Dork: tag.name:"microsoft_exchange"

Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786

CVE-2025-50055: SAML Injection in OpenVPN Access Server, high rating❗️

The vulnerability allows an attacker to perform JavaScript injection via SAML relaystate, potentially leading to RCE.

Search at Netlas.io:
👉 Link: https://nt.ls/uLSQx
👉 Dork: http.headers.server:"OpenVPN-AS"

Vendor's advisory: https://ssg-dev.openvpn.net/as-docs/as-3-0-release-notes.html#access-server-3-0-versions

I, Robot + NIST AI RMF: Prevent the Great Robot Uprising 🤖

Thinking your toaster couldn’t lead an army? Think again.

In our latest article, we use classic scenes from I, Robot to break down the NIST AI Risk Management Framework’s four pillars — Map, Measure, Manage, Govern — so you can keep your AIs on task (and off the march).

👉 Read now: https://netlas.io/blog/nist_ai_rmf/

CVE-2025-54253 and CVE-2025-54254: Arbitrary code execution in Adobe Experience Manager CMS

Adobe is aware that CVE-2025-54253 and CVE-2025-54254 have a publicly available proof-of-concept. Adobe is not aware of these issues being exploited in the wild.

Search at Netlas.io:
👉 Link: https://nt.ls/MngFC
👉 Dork: tag.name:"adobe_experience_manager"

Vendor's advisory: https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html

👨‍💻 Want to level up your bug bounty skills? Check out these top-rated courses for 2025! From beginners to experts, there's something for everyone.

👉 Read now: https://netlas.io/blog/best_bug_boounty_courses/

CVE-2025-7384: Critical PHP Object Injection in WordPress Plugin

A critical vulnerability has been found in the Database for Contact Form 7, WPForms, and Elementor forms WordPress plugin. Since this is a backend-only plugin, it is not directly detectable through standard search dorks. Supported frontend plugins could help determine the scope. However, only about 1% of hosts identified this way are actually vulnerable.

🔍 Netlas: https://nt.ls/Be3g6
ℹ️ Advisory: https://nt.ls/RoI8t

CVE-2025-27210 – High Severity Path Traversal in Node.js (Windows)

One of our Netlas users identified a serious flaw in Windows builds of Node.js and asked us to inform the community. Any web app running Node.js 20.x before 20.19.4, 22.x before 22.17.1, or 24.x before 24.4.1 on Windows may be at risk of unauthorized file access through path traversal.

⚡️ Update immediately
ℹ️ Advisory: https://nt.ls/YX7xc

CVE-2025-20265 — Critical RCE in Cisco Secure Firewall Management Center (CVSS 10).

Exploitable by unauthenticated attackers when RADIUS authentication is enabled; affects FMC 7.0.7 & 7.7.0. We see <200 internet-exposed on-prem FMCs (cloud-hosted cdFMC excluded).

🔍 Netlas: https://nt.ls/E5j8D
ℹ️ Advisory: https://nt.ls/C3hPx

Meet Kanvas — an open-source incident response tool that turns chaos into clarity with built-in visualizations, intel lookups, and teamwork-friendly features.

This post, written by an experienced security analyst for fellow security analysts, breaks down how Kanvas can supercharge your IR workflow.

👉 Read the post: https://netlas.io/blog/kanvas/

🚀 Netlas v1.3.0 is live!

This update doubles the number of scanned ports, adds protocol detection to public scans, boosts vulnerability coverage, and makes downloads lightning-fast.

Explore what’s new 👉 https://docs.netlas.io/changelog/#netlas-v1-3-0

⚠️ Today, 2025-08-22, starting from 04:30 UTC, we began experiencing a major service outage.

The issue has been localized to a problem within our database cluster. Our engineering team is actively working to resolve the issue and restore full service as quickly as possible. We will continue to provide updates as we make progress.

CVE-2025-26496 and other: Multiple vulnerabilities in Tableau Server, 7.7 - 9.6 rating 🔥

Five new vulnerabilities in Tableau Server include Type Confusion, Path Traversal, Dangerous File Uploads and Improper Input Validation.

Search at Netlas.io:
👉 Link: https://nt.ls/gsuQl
👉 Dork: http.headers.server:"Tableau"

Read more: https://help.salesforce.com/s/articleView?id=005132575&type=1

CVE-2025-57819: Authentication Bypass in FreePBX Administrator, 10.0 rating 🔥🔥🔥

A critical zero-day vulnerability in FreePBX could allow an attacker to perform SQL injection and RCE. Exploitation has already been observed in the wild!

Search at Netlas.io:
👉 Link: https://nt.ls/ebwk9
👉 Dork: http.favicon.hash_sha256:dfc3cc989bec09d968e978cde336709c655fa85469fd482ac10e17942da80be9

Vendor's advisory: https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h

Vibe-Coding Security Risks: When AI Ships Insecurity ⚠️

AI helps you ship code fast — and sometimes ships vulnerabilities faster.

In our latest article, learn how vibe-coding introduces issues like package hallucination, typosquatting, weak auth, and exposed configs, see real-world fallout, and get practical steps to secure AI-generated code.

👉 Read now: https://netlas.io/blog/vibe-coding-security-risks/

CVE-2025-57833: SQL Injection in Django, 7.1 rating❗️

A vulnerability in some versions of the Django framework allows attackers to access sensitive data if a web application uses insecure versions.

Search at Netlas.io:
👉 Link: https://nt.ls/gu9dj
👉 Dork: tag.name:"django"

Read more: https://www.cve.org/CVERecord?id=CVE-2025-57833

Mapping Dark Web Infrastructure 💀

In latest article we break down practical techniques investigators use to trace hidden services — clearnet resource leaks, header fingerprints, certificate reuse, and bulletproof hosting overlaps.

Real examples and ethical do’s & don’ts included.

👉 Read now: https://netlas.io/blog/mapping_dark_web/

CVE-2025-8085: SSRF in Ditty WordPress plugin, 8.6 rating❗️

The vulnerability allows attackers without authentication to make requests to arbitrary URLs.

Search at Netlas.io:
👉 Link: https://nt.ls/HthP0
👉 Dork: http.body:"plugins/ditty-news-ticker"

Read more: https://wpscan.com/vulnerability/f42c37bb-1ae0-49ab-bd81-7864dff0fcff/

CVE-2025-42944, -42922, -27500 and other: Multiple vulnerabilities in SAP NetWeaver, 3.1 - 10.0 rating 🔥🔥🔥

In the September patch, SAP reported 21 vulnerabilities, including Path Traversal, Missing Authentication check, Insecure File Operations, and RCE with the highest severity score!

Search at Netlas.io:
👉 Link: https://nt.ls/wFC1w
👉 Dork: http.headers.server:"NetWeaver"

Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2025.html

Bug Bounty + Recon Toolkit: Stop Hunting Blind 🧭

Still brute-forcing in the dark? Bring a map.

In our new article, we lay out a practical, start-to-finish recon flow - from passive OSINT to active probing - with copy-paste commands, tool picks, and workflow tips to turn noise into findings.

👉 Read now: https://netlas.io/blog/best_recon_tools_for_bug_bounty/