Matthew Kienow

GNU Inetutils telnetd pre-auth RCE within LINEMODE suboption SLC (Set Local Characters) handling runzero.com/blog/telnetd-r…

Veeam Backup & Replication authenticated domain user multiple RCE runzero.com/blog/veeam-ins…

HPE Aruba Networking AOS-CX authentication bypass (CVE-2026-23813) and more. runzero.com/blog/hpe-aruba…

Tracking unsupported edge devices just got easier! CISA’s BOD 26-02 requires agencies to identify internet-exposed EOS edge devices by May 5, 2026. Our new Findings tab surfaces them automatically. 👉 Read more from @todb & @HacksForProfit runzero.com/blog/finding-c…

EOS edge devices exposed to the internet = a 'please hack me' sign on your front door. CISA agrees. And that's what BOD 26-02 is all about. In our latest blog, @todb, @HacksForProfit & Colin Dupreay break down how runZero customers can get ahead. 👉 runzero.com/blog/cisa-bod-…

An unauthenticated RCE PoC for the React vuln (CVE-2025-55182) is now public. Confirmed to work on my test setup (Next.js 16.0.6 with React 19.2.0).

@SipeedIO Thank you

@HacksForProfit It is full sample rate in any linux(real or VM), 800M@4CH, 400M@8CH, 200M@16CH

What about this Spec #SLogic32U3 with simple oscilloscope functions: 1. USB3.2 gen2 10Gbps interface 2. Digtal sample: Max 1600M@4CH, 800M@8CH, 400M@16CH, 200M@32CH 3. Analog input: 200Msps@4CH, 400Msps@2CH, 800Msps@1CH 4. LA for 149$, ADC module 15$/CH.

@SipeedIO Thanks for the quick reply. Hopefully there is better engagement from upstream soon. Are you able to provide sample rates that are possible when using the device in a Linux VM?

@HacksForProfit We have submit PR, but sigrok upstream is very inactive and hasn't merged anything for a long time. HDL is not opensource

@UjlakiMarci It appears the initial CVSS score for CVE-2025-36636 doesn't align with the description. "Authenticated user" yet the CVSS vector has privileges required (PR) none. The initial CVSS record went through as a 10 for some reason and has not been updated yet.

A security center which... isn't secure? 🤔 NVD lists it as a max score severity vulnerability, but the official site says medium? 🟥 CVE-2025-36636, CVSS: 10.0 (#Critical, #Highest) Tenable Security Center version prior to 6.7.0 Improper access control vulnerability. Authenticated users can access areas outside their authorized scope, leading to potential data exposure. #CyberSecurity #CVE #Vulnerability #Tenable #AccessControl #670" target="_blank" rel="nofollow noopener">docs.tenable.com/release-notes/…

🎥 Missed runZero Hour live? Catch it on demand! We recap Hacker Summer Camp highlights: ✅ @hdmoore on SSH vulns + SSHamble updates ✅ Akheron Proxy w/ @HacksForProfit & @Percent_X ✅ @todb unveils EPSS Pulse ✅ OT protocol insights from Rob King 👉 runzero.com/resources/runz…

🎙 Hacker Summer Camp recap drops today on runZero Hour! ✅ @hdmoore on SSH vulns + SSHamble ✅ Akheron Proxy w/ @HacksForProfit & @Percent_X ✅ @todb unveils EPSS Pulse ✅ Rob King on OT detection across protocol gateways. 📅 Aug 20 | 10AM PT 🔗 runzero.com/research/runze…

🗣️ Happening today at Black Hat Arsenal! Join @HacksForProfit & @Percent_X at 11am PDT for a live demo of Akheron Proxy, a tool for bridging, capturing, replaying, and manipulating UART inter-chip communications. 📍 Business Hall, Arsenal Station 9 🔗 runzero.com/black-hat-arse…

I'm excited to announce our "Out-of-Band" series; focused on the security risks of management devices like BMCs, serial servers, and KVMs. "Out-of-Band, Part 1: The new generation of IP KVMs and how to find them" is now live at: runzero.com/blog/oob-p1-ip…

A PSA for why you should probably not use Postman (it can leak secrets to them): anonymousdata.medium.com/postman-is-log…

I spoke with @robertvamosi on ErrodCode podcast awhile back on "Hacking Cellular-Enabled IoT Devices" We had a fun conversation. The podcast was just published so please check it out - errorcode.podbean.com/e/ep-52-hackin…

We have just published our AttackerKB @rapid7 Analysis for CVE-2024-47575, the recent FortiManager 0day, aka FortiJump 🔥 Read our full technical analysis; detailing firmware decryption, protocol analysis, and unauthenticated RCE 🚀 attackerkb.com/topics/OFBGprm…

CVE and vendor advisory now available on the #FortiManager 0day that's been knocking around the rumor mill (and evidently some Fortinet customers' email inboxes) for a while. Mitigate immediately, but IOCs need investigating, too. rapid7.com/blog/post/2024…

@evilsocket Open Source is Magic!

I love people.

Rapid7's 2024 Attack Intelligence Report was released today and includes insights from 14 months of vulnerability and exploit analysis, thousands of ransomware incidents, 180+ APT campaigns, and a year+ of Rapid7 incident response findings. rapid7.com/research/repor…