- Metasploit
- Metasploit Weekly Wrapup
Metasploit Wrap-Up 12/19/2025
React2Shell Payload Improvements: Last week Metasploit released an exploit for the React2Shell vulnerability, and this week we have made a couple of improvements to the payloads that it uses. The first...
- Emergent Threat Response
CVE-2025-37164: Critical unauthenticated RCE affecting Hewlett Packard Enterprise OneView
Overview: On December 17, 2025, Hewlett Packard Enterprise (HPE) published an advisory for CVE-2025-37164, a CVSS 10.0 vulnerability in HPE OneView. The vulnerability, which was reported to HPE by security researcher...
- Emergent Threat Response
Critical vulnerabilities in Fortinet CVE-2025-59718, CVE-2025-59719 exploited in the wild
Overview: A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score...
- Application Security
Test for React2Shell with Application Security using New Functionality
Following disclosure of the React2Shell vulnerability (CVE-2025-55182), a maximum-severity Remote Code Execution (RCE) in React Server Components (RSC) a.k.a. the Flight protocol, security teams are assessing exposure and validating fixes....
- Surface Command
Dynamic EASM Discovery: Continuous Discovery for a Changing Attack Surface
Staying ahead of what’s exposed, automatically. The modern enterprise doesn’t stand still. New domains are registered, acquisitions bring inherited infrastructure, cloud workloads spin up and down daily, and somewhere in the...
- Labs
SantaStealer is Coming to Town: A New, Ambitious Infostealer Advertised on Underground Forums
Update from December 16, 2025: Shortly after publishing this blog post, we have observed a message from the official SantaStealer Telegram channel announcing the release of the stealer. This means...