Vulnerability & Exploit Coverage
18 articles · sorted newest first

GitLab's ExifTool RCE: A Patch That Sat Unrecognized for Months
CVE-2021-22205 was quietly fixed in April 2021 — but its full unauthenticated remote-code-execution severity wasn't widely understood until late 2021, by which point mass exploitation had already begun.

Barracuda Told Customers to Replace Their Appliances, Not Just Patch Them. Here's Why.
CVE-2023-2868 was exploited as a zero-day for roughly seven months before discovery — and left some compromised appliances backdoored even after the software patch was applied.

The WinRAR Bug That Hid a Malicious Script Behind a Fake Photo
CVE-2023-38831 let a booby-trapped archive execute code when a user clicked what looked like a harmless image file — exploited against trading forums before the technical details were widely known.

vCenter's Unrestricted-Upload Bug: A Reminder That Management Planes Shouldn't Face the Internet
CVE-2021-21972 let unauthenticated attackers execute code with root privileges on VMware vCenter Server — and internet scans found tens of thousands of instances exposed anyway, against VMware's own guidance.

Spring4Shell: Why This One Needed Careful Triage, Not Panic
CVE-2022-22965 leaked publicly before VMware's patch was ready — but unlike Log4Shell, exploitation required a specific combination of conditions that made blanket panic the wrong response.

The Confluence Bug That Went From Zero-Day to Mass Ransomware Precursor in Days
CVE-2022-26134 gave unauthenticated attackers remote code execution on any exposed Confluence instance — and became a go-to foothold for ransomware operators within days of disclosure.

FortiOS Auth Bypass: Why Fortinet Warned Select Customers Before Going Public
CVE-2022-40684 let attackers bypass authentication on FortiOS and FortiProxy management interfaces and plant persistent SSH keys — Fortinet quietly warned targeted customers before public disclosure.

F5 BIG-IP's Maximum-Severity Auth Bypass: What CVE-2022-1388 Actually Exposed
A critical authentication-bypass flaw in F5 BIG-IP's iControl REST API let unauthenticated attackers execute system commands on appliances that front an enormous share of enterprise application traffic.

Follina Explained: The MSDT Bug That Skipped the Macro Warning Entirely
CVE-2022-30190 let a Word document trigger arbitrary code execution through the Windows Support Diagnostic Tool — no macros, and in some configurations no explicit click required beyond opening the file.

The MSHTML Zero-Day That Turned a Word Document Into Full Code Execution
CVE-2021-40444 let attackers execute arbitrary code through a malicious Office document with no macros required — exploited in the wild before Microsoft's patch existed.

ProxyLogon: Inside the Exchange Server Attack Chain That Triggered an FBI Court Order
CVE-2021-26855 and three chained Exchange Server bugs gave attackers unauthenticated remote code execution — and led to a compromise event so widespread the FBI obtained a court order to remove webshells itself.

PrintNightmare: How a Leaked Proof-of-Concept Forced an Emergency Windows Patch
CVE-2021-34527 let attackers turn the Windows Print Spooler service — running by default on nearly every Windows machine — into a path to SYSTEM privileges or full domain compromise.

Log4Shell, Explained: Why a Logging Library Became the Internet's Worst Week
CVE-2021-44228 turned a single misused feature in Apache Log4j2 — a Java logging library embedded almost everywhere — into one of the most widely exploited vulnerabilities ever recorded.

The Outlook 'MonikerLink' Bug: One Click, Protected View Bypassed
CVE-2024-21413 let attackers bypass Outlook's Protected View sandbox with a single specially crafted hyperlink, leading to code execution and potential credential leakage. Patched in February 2024's Patch Tuesday.

PAN-OS GlobalProtect Zero-Day Gave Attackers Root on the Firewall Itself
CVE-2024-3400, a maximum-severity command-injection flaw in Palo Alto Networks' PAN-OS GlobalProtect feature, was exploited in the wild before a patch existed — handing attackers root access to the perimeter firewall.

Inside the Ivanti Connect Secure Zero-Day Chain Attackers Used Before a Patch Existed
CVE-2023-46805 and CVE-2024-21887, chained together, gave a suspected nation-state actor unauthenticated remote code execution on Ivanti Connect Secure and Policy Secure VPN gateways for weeks before patches.

Citrix Bleed: How a Memory Leak in NetScaler Bypassed MFA Entirely
CVE-2023-4966, known as Citrix Bleed, let attackers pull live session tokens straight out of NetScaler ADC and Gateway memory — hijacking already-authenticated sessions without needing a password or MFA code.

Cisco IOS XE Web UI Zero-Day: How One Bug Compromised Tens of Thousands of Devices
CVE-2023-20198, a maximum-severity privilege-escalation flaw in Cisco IOS XE's web management interface, was exploited at mass scale before a patch existed — handing attackers full admin control of network infrastructure.