Rishi
@rxerium.com
Senior Cyber Analyst || OWASP member || Project Discovery Ambassador || UK OSINT Officer || Purple Teamer || Privacy Advocate || Signal: @rxerium.02
🚨 Active Exploitation of Gladinet CentreStack and Triofox Local File Inclusion Flaw (CVE-2025-11371)
I've created a vulnerability detection script here: github.com/rxerium/CVE-...
As reported by Huntress this is an unauthenticated Local File Inclusion flaw in Gladinet CentreStack and Triofox.
I've created a vulnerability detection script here: github.com/rxerium/CVE-...
As reported by Huntress this is an unauthenticated Local File Inclusion flaw in Gladinet CentreStack and Triofox.
October 11, 2025 at 8:02 AM
🚨 Active Exploitation of Gladinet CentreStack and Triofox Local File Inclusion Flaw (CVE-2025-11371)
I've created a vulnerability detection script here: github.com/rxerium/CVE-...
As reported by Huntress this is an unauthenticated Local File Inclusion flaw in Gladinet CentreStack and Triofox.
I've created a vulnerability detection script here: github.com/rxerium/CVE-...
As reported by Huntress this is an unauthenticated Local File Inclusion flaw in Gladinet CentreStack and Triofox.
🚨 Critical zero-day tagged as CVE-2025-61882 (CVSS 9.8) affecting Oracle E-Business Suite
I've created a vulnerability detection script here:
github.com/rxerium/CVE-...
This vulnerability is remotely exploitable without authentication.
I've created a vulnerability detection script here:
github.com/rxerium/CVE-...
This vulnerability is remotely exploitable without authentication.
GitHub - rxerium/CVE-2025-61882: Detection for CVE-2025-61882
Detection for CVE-2025-61882. Contribute to rxerium/CVE-2025-61882 development by creating an account on GitHub.
github.com
October 5, 2025 at 6:55 PM
🚨 Critical zero-day tagged as CVE-2025-61882 (CVSS 9.8) affecting Oracle E-Business Suite
I've created a vulnerability detection script here:
github.com/rxerium/CVE-...
This vulnerability is remotely exploitable without authentication.
I've created a vulnerability detection script here:
github.com/rxerium/CVE-...
This vulnerability is remotely exploitable without authentication.
Solarwinds critical vuln - CVE-2025-26399
"Given SolarWinds’ past, in-the-wild exploitation is highly likely" as being reported by WatchTowr Labs
I've created a detection script for this vuln:
github.com/rxerium/CVE-...
128 currently vulnerable across 22 countries / 90 cities:
"Given SolarWinds’ past, in-the-wild exploitation is highly likely" as being reported by WatchTowr Labs
I've created a detection script for this vuln:
github.com/rxerium/CVE-...
128 currently vulnerable across 22 countries / 90 cities:
github.com
September 23, 2025 at 6:45 PM
Solarwinds critical vuln - CVE-2025-26399
"Given SolarWinds’ past, in-the-wild exploitation is highly likely" as being reported by WatchTowr Labs
I've created a detection script for this vuln:
github.com/rxerium/CVE-...
128 currently vulnerable across 22 countries / 90 cities:
"Given SolarWinds’ past, in-the-wild exploitation is highly likely" as being reported by WatchTowr Labs
I've created a detection script for this vuln:
github.com/rxerium/CVE-...
128 currently vulnerable across 22 countries / 90 cities:
🚨 Critical — CVE-2025-10035 (CVSS 10.0): Fortra has disclosed a deserialization flaw in the GoAnywhere MFT License Servlet that can allow remote command-injection.
I've created a #nuclei script to detect vulnerable instances at scale:
github.com/rxerium/CVE-...
I've created a #nuclei script to detect vulnerable instances at scale:
github.com/rxerium/CVE-...
September 20, 2025 at 8:36 AM
🚨 Critical — CVE-2025-10035 (CVSS 10.0): Fortra has disclosed a deserialization flaw in the GoAnywhere MFT License Servlet that can allow remote command-injection.
I've created a #nuclei script to detect vulnerable instances at scale:
github.com/rxerium/CVE-...
I've created a #nuclei script to detect vulnerable instances at scale:
github.com/rxerium/CVE-...
Detection for critical SAP Netweaver vulnerability (CVE-2025-42944):
github.com/rxerium/CVE-...
github.com/rxerium/CVE-...
September 11, 2025 at 11:01 AM
Detection for critical SAP Netweaver vulnerability (CVE-2025-42944):
github.com/rxerium/CVE-...
github.com/rxerium/CVE-...
Reposted by Rishi
🕵️♂️ New OSINT training drop: Learn how to use X (Twitter) Advanced Search to trace usernames, map networks & uncover hidden accounts.
Presented by @rxerium.com for the UK OSINT Community.
🎥 Watch here: www.youtube.com/watch?v=Yj2m...
Presented by @rxerium.com for the UK OSINT Community.
🎥 Watch here: www.youtube.com/watch?v=Yj2m...
Using OSINT to Investigate on Twitter/X
YouTube video by UK OSINT Community
www.youtube.com
September 8, 2025 at 10:52 AM
🕵️♂️ New OSINT training drop: Learn how to use X (Twitter) Advanced Search to trace usernames, map networks & uncover hidden accounts.
Presented by @rxerium.com for the UK OSINT Community.
🎥 Watch here: www.youtube.com/watch?v=Yj2m...
Presented by @rxerium.com for the UK OSINT Community.
🎥 Watch here: www.youtube.com/watch?v=Yj2m...
🚨 New zero day added to the CISA KEV under an hour ago and is actively being exploited in the wild - CVE-2025-53690; CVSS 9.0 (Critical)
Check to see if you're vulnerable:
github.com/rxerium/CVE-...
Patches / workarounds are available:
support.sitecore.com/kb?id=kb_art...
Check to see if you're vulnerable:
github.com/rxerium/CVE-...
Patches / workarounds are available:
support.sitecore.com/kb?id=kb_art...
September 4, 2025 at 8:06 PM
🚨 New zero day added to the CISA KEV under an hour ago and is actively being exploited in the wild - CVE-2025-53690; CVSS 9.0 (Critical)
Check to see if you're vulnerable:
github.com/rxerium/CVE-...
Patches / workarounds are available:
support.sitecore.com/kb?id=kb_art...
Check to see if you're vulnerable:
github.com/rxerium/CVE-...
Patches / workarounds are available:
support.sitecore.com/kb?id=kb_art...
🚨 Undiscolsed zero day affecting FreePBX servers:
- No patches are available at the time of this post.
- Workarounds are to limit access to your FreePBX instance
- I've created a detection template here to check if you're vulnerable:
github.com/rxerium/free...
#freepbx #zeroday #cybersecurity
- No patches are available at the time of this post.
- Workarounds are to limit access to your FreePBX instance
- I've created a detection template here to check if you're vulnerable:
github.com/rxerium/free...
#freepbx #zeroday #cybersecurity
GitHub - rxerium/freepbx-zeroday-detection: Zero day detection script for recent zero day affecting FreePBX instances - August 2025
Zero day detection script for recent zero day affecting FreePBX instances - August 2025 - GitHub - rxerium/freepbx-zeroday-detection: Zero day detection script for recent zero day affecting FreePB...
github.com
August 28, 2025 at 10:36 AM
🚨 Undiscolsed zero day affecting FreePBX servers:
- No patches are available at the time of this post.
- Workarounds are to limit access to your FreePBX instance
- I've created a detection template here to check if you're vulnerable:
github.com/rxerium/free...
#freepbx #zeroday #cybersecurity
- No patches are available at the time of this post.
- Workarounds are to limit access to your FreePBX instance
- I've created a detection template here to check if you're vulnerable:
github.com/rxerium/free...
#freepbx #zeroday #cybersecurity
I've created a vulnerability script for CVE-2025-8875 and CVE-2025-8876 - both currently being actively exploited in the wild as reported by @cisacyber.
Detection script:
github.com/rxerium/CVE-...
Patches are available:
status.n-able.com/2025/08/13/a...
Detection script:
github.com/rxerium/CVE-...
Patches are available:
status.n-able.com/2025/08/13/a...
August 17, 2025 at 6:29 PM
I've created a vulnerability script for CVE-2025-8875 and CVE-2025-8876 - both currently being actively exploited in the wild as reported by @cisacyber.
Detection script:
github.com/rxerium/CVE-...
Patches are available:
status.n-able.com/2025/08/13/a...
Detection script:
github.com/rxerium/CVE-...
Patches are available:
status.n-able.com/2025/08/13/a...
Catch me at #BSidesVegas or #DEFCON - I’ll be handing out exclusive UK OSINT swag. Come say hi and snag some before its all gone! 👋
August 1, 2025 at 2:47 PM
Catch me at #BSidesVegas or #DEFCON - I’ll be handing out exclusive UK OSINT swag. Come say hi and snag some before its all gone! 👋
Detection script for Micollab SQL injection vulnerability, tagged CVE-2025-52914 (high severity):
github.com/rxerium/CVE-...
www.mitel.com/support/secu...
github.com/rxerium/CVE-...
www.mitel.com/support/secu...
July 25, 2025 at 10:48 AM
Detection script for Micollab SQL injection vulnerability, tagged CVE-2025-52914 (high severity):
github.com/rxerium/CVE-...
www.mitel.com/support/secu...
github.com/rxerium/CVE-...
www.mitel.com/support/secu...
I’m thrilled to be speaking at DEFCON in Las Vegas this year!
I’ll be sharing insights from my recent contributions to the OWASP Amass project and Project Discovery’s Nuclei, focusing on DNS-based techniques for Product and Service Discovery. More details below:
I’ll be sharing insights from my recent contributions to the OWASP Amass project and Project Discovery’s Nuclei, focusing on DNS-based techniques for Product and Service Discovery. More details below:
July 21, 2025 at 2:55 PM
I’m thrilled to be speaking at DEFCON in Las Vegas this year!
I’ll be sharing insights from my recent contributions to the OWASP Amass project and Project Discovery’s Nuclei, focusing on DNS-based techniques for Product and Service Discovery. More details below:
I’ll be sharing insights from my recent contributions to the OWASP Amass project and Project Discovery’s Nuclei, focusing on DNS-based techniques for Product and Service Discovery. More details below:
🚨 new zero day affecting crushFTP instances (CVE-2025-54309) being exploited in the wild:
~291,903 exposed devices running crushFTP (as of 19.07.25) according to @shodanhq:
`http.html:"crushftp"`
Patch now:
www.crushftp.com/crush11wiki/...
~291,903 exposed devices running crushFTP (as of 19.07.25) according to @shodanhq:
`http.html:"crushftp"`
Patch now:
www.crushftp.com/crush11wiki/...
July 19, 2025 at 7:12 AM
🚨 new zero day affecting crushFTP instances (CVE-2025-54309) being exploited in the wild:
~291,903 exposed devices running crushFTP (as of 19.07.25) according to @shodanhq:
`http.html:"crushftp"`
Patch now:
www.crushftp.com/crush11wiki/...
~291,903 exposed devices running crushFTP (as of 19.07.25) according to @shodanhq:
`http.html:"crushftp"`
Patch now:
www.crushftp.com/crush11wiki/...
I've created a passive detection script to detect instances that are vulnerable to critical RCE tagged as CVE-2025-47812:
github.com/rxerium/CVE-...
Around ~4000 instances exposed to the internet as of 25.07.16
`http.favicon.hash:963565804`
github.com/rxerium/CVE-...
Around ~4000 instances exposed to the internet as of 25.07.16
`http.favicon.hash:963565804`
July 16, 2025 at 6:56 AM
I've created a passive detection script to detect instances that are vulnerable to critical RCE tagged as CVE-2025-47812:
github.com/rxerium/CVE-...
Around ~4000 instances exposed to the internet as of 25.07.16
`http.favicon.hash:963565804`
github.com/rxerium/CVE-...
Around ~4000 instances exposed to the internet as of 25.07.16
`http.favicon.hash:963565804`
Want to detect the internal security posture of an organisation without contacting them or installing agents on their local network?
I created a detection script in my spare time which takes advantage of exposed Safebase portals
github.com/rxerium/inte...
#osint #nuclei
I created a detection script in my spare time which takes advantage of exposed Safebase portals
github.com/rxerium/inte...
#osint #nuclei
GitHub - rxerium/internal-security-detect: The detection of internal security controls at a company
The detection of internal security controls at a company - rxerium/internal-security-detect
github.com
June 23, 2025 at 8:33 PM
Want to detect the internal security posture of an organisation without contacting them or installing agents on their local network?
I created a detection script in my spare time which takes advantage of exposed Safebase portals
github.com/rxerium/inte...
#osint #nuclei
I created a detection script in my spare time which takes advantage of exposed Safebase portals
github.com/rxerium/inte...
#osint #nuclei
I've created a passive detection script for this Wazuh vulnerability. It is currently being exploited in the wild (as reported by CISA). The script can be found here:
github.com/rxerium/CVE-...
Original article:
thehackernews.com/2025/06/botn...
github.com/rxerium/CVE-...
Original article:
thehackernews.com/2025/06/botn...
GitHub - rxerium/CVE-2025-24016: Deserialization of Untrusted Data Vulnerability in the Wazuh software
Deserialization of Untrusted Data Vulnerability in the Wazuh software - rxerium/CVE-2025-24016
t.co
June 10, 2025 at 7:03 PM
I've created a passive detection script for this Wazuh vulnerability. It is currently being exploited in the wild (as reported by CISA). The script can be found here:
github.com/rxerium/CVE-...
Original article:
thehackernews.com/2025/06/botn...
github.com/rxerium/CVE-...
Original article:
thehackernews.com/2025/06/botn...
Hey Bluesky! I’m less active here but more engaged on Twitter and GitHub. My socials can be found on my website: rxerium.com 🤝
Rishi
rxerium.com
June 9, 2025 at 6:42 PM
Hey Bluesky! I’m less active here but more engaged on Twitter and GitHub. My socials can be found on my website: rxerium.com 🤝
I've created a script to detect CVE-2025-49113 based on versions exposed in the html body:
github.com/rxerium/CVE-...
Use at your own risk.
github.com/rxerium/CVE-...
Use at your own risk.
June 3, 2025 at 7:14 PM
I've created a script to detect CVE-2025-49113 based on versions exposed in the html body:
github.com/rxerium/CVE-...
Use at your own risk.
github.com/rxerium/CVE-...
Use at your own risk.
Reposted by Rishi
🔍 Swipe a stranger’s selfie—are you already over the ethical line?
In the latest article from the UK OSINT Community, Rishi Chudasama shows why “public” doesn’t mean “permissible,” urging OSINT pros to match technical skill with empathy and respect for privacy.
📖 Read: www.osint.uk/content/ethi...
In the latest article from the UK OSINT Community, Rishi Chudasama shows why “public” doesn’t mean “permissible,” urging OSINT pros to match technical skill with empathy and respect for privacy.
📖 Read: www.osint.uk/content/ethi...
Ethical Implications of OSINT in Personal Data Collection
Exploring the ethical limits of collecting personal data during investigations.
www.osint.uk
April 28, 2025 at 9:30 AM
🔍 Swipe a stranger’s selfie—are you already over the ethical line?
In the latest article from the UK OSINT Community, Rishi Chudasama shows why “public” doesn’t mean “permissible,” urging OSINT pros to match technical skill with empathy and respect for privacy.
📖 Read: www.osint.uk/content/ethi...
In the latest article from the UK OSINT Community, Rishi Chudasama shows why “public” doesn’t mean “permissible,” urging OSINT pros to match technical skill with empathy and respect for privacy.
📖 Read: www.osint.uk/content/ethi...
🚨 New Zero-Day Vulnerability (CVE-2025-31324) Exploited in the wild CVSS10.0
NetWeaver VCM Uploader lacks proper authorization, allowing unauthenticated users to upload malicious executable binaries, potentially harming the host system and affecting all components of the CIA triad
Detection in 🧵
NetWeaver VCM Uploader lacks proper authorization, allowing unauthenticated users to upload malicious executable binaries, potentially harming the host system and affecting all components of the CIA triad
Detection in 🧵
April 26, 2025 at 7:13 AM
🚨 New Zero-Day Vulnerability (CVE-2025-31324) Exploited in the wild CVSS10.0
NetWeaver VCM Uploader lacks proper authorization, allowing unauthenticated users to upload malicious executable binaries, potentially harming the host system and affecting all components of the CIA triad
Detection in 🧵
NetWeaver VCM Uploader lacks proper authorization, allowing unauthenticated users to upload malicious executable binaries, potentially harming the host system and affecting all components of the CIA triad
Detection in 🧵
🚨Critical remote code execution zero-day (CVSS 10.0) vulnerability CVE-2025-32433 affecting the Erlang/OTP SSH service allows an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code without prior authentication
April 17, 2025 at 7:02 PM
🚨Critical remote code execution zero-day (CVSS 10.0) vulnerability CVE-2025-32433 affecting the Erlang/OTP SSH service allows an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code without prior authentication
Scan infrastructure for websites that support the .onion service with Nuclei:
.onion Service Availability by rxerium · Pull Request #11873 · projectdiscovery/nuclei-templates
Checks if any given site has the .onion service available: I've validated this template locally? YES NO Additional Details (leave it blank if not applicable) Additional References: Nu...
github.com
April 10, 2025 at 6:27 AM
Scan infrastructure for websites that support the .onion service with Nuclei:
i've created 2 detection scripts to check if websites have been seized by the #fbi - the first looks at the html body for common phrases and the other looks at nameservers.
nameserver detection:
github.com/projectdisco...
word matching:
github.com/projectdisco...
#security #CyberSecurity
nameserver detection:
github.com/projectdisco...
word matching:
github.com/projectdisco...
#security #CyberSecurity
April 2, 2025 at 6:58 PM
i've created 2 detection scripts to check if websites have been seized by the #fbi - the first looks at the html body for common phrases and the other looks at nameservers.
nameserver detection:
github.com/projectdisco...
word matching:
github.com/projectdisco...
#security #CyberSecurity
nameserver detection:
github.com/projectdisco...
word matching:
github.com/projectdisco...
#security #CyberSecurity
The tj-actions supply chain attack (CVE-2025-30066) currently affects ~14.5 public repos running a vulnerable version.
Custom GitHub query to detect exposure for this vulnerability:
github.com/search?q=pat...
www.sweet.security/blog/cve-202...
Custom GitHub query to detect exposure for this vulnerability:
github.com/search?q=pat...
www.sweet.security/blog/cve-202...
Build software better, together
GitHub is where people build software. More than 150 million people use GitHub to discover, fork, and contribute to over 420 million projects.
github.com
March 17, 2025 at 6:49 PM
The tj-actions supply chain attack (CVE-2025-30066) currently affects ~14.5 public repos running a vulnerable version.
Custom GitHub query to detect exposure for this vulnerability:
github.com/search?q=pat...
www.sweet.security/blog/cve-202...
Custom GitHub query to detect exposure for this vulnerability:
github.com/search?q=pat...
www.sweet.security/blog/cve-202...
CISA reports 3 actively exploited vulnerabilities in Ivanti products:
- CVE-2024-10811
- CVE-2024-13161
- CVE-2024-13160
- CVE-2024-13159
Horizon3AI PoC:
github.com/horizon3ai/I...
- CVE-2024-10811
- CVE-2024-13161
- CVE-2024-13160
- CVE-2024-13159
Horizon3AI PoC:
github.com/horizon3ai/I...
GitHub - horizon3ai/Ivanti-EPM-Coercion-Vulnerabilities: Proof of concept exploit for Ivanti EPM CVE-2024-13159 and others
Proof of concept exploit for Ivanti EPM CVE-2024-13159 and others - horizon3ai/Ivanti-EPM-Coercion-Vulnerabilities
github.com
March 11, 2025 at 7:01 PM
CISA reports 3 actively exploited vulnerabilities in Ivanti products:
- CVE-2024-10811
- CVE-2024-13161
- CVE-2024-13160
- CVE-2024-13159
Horizon3AI PoC:
github.com/horizon3ai/I...
- CVE-2024-10811
- CVE-2024-13161
- CVE-2024-13160
- CVE-2024-13159
Horizon3AI PoC:
github.com/horizon3ai/I...