Intruder
@intruder-io.bsky.social
Use Intruder for real-time discovery and prioritization of attack surface weaknesses. Focus on the fixes that matter. https://www.intruder.io/
CVE-2025-11371 might score 6.2 (Medium) - but it’s anything but medium risk.
It lets attackers steal machine keys & access system files, leading to RCE. Exploitation has already been seen in the wild.
Get the full analysis: cvemon.intruder.io/cves/CVE-202...
It lets attackers steal machine keys & access system files, leading to RCE. Exploitation has already been seen in the wild.
Get the full analysis: cvemon.intruder.io/cves/CVE-202...
CVE-2025-11371 - Overview, Insights & Trends
Get the latest on CVE-2025-11371, including risk score and recommendations. Vulnerability intelligence on trending CVEs from multiple sources.
cvemon.intruder.io
October 13, 2025 at 3:06 PM
CVE-2025-11371 might score 6.2 (Medium) - but it’s anything but medium risk.
It lets attackers steal machine keys & access system files, leading to RCE. Exploitation has already been seen in the wild.
Get the full analysis: cvemon.intruder.io/cves/CVE-202...
It lets attackers steal machine keys & access system files, leading to RCE. Exploitation has already been seen in the wild.
Get the full analysis: cvemon.intruder.io/cves/CVE-202...
How we’re using AI to write vulnerability checks (and where it falls short): www.intruder.io/research/the...
How We’re Using AI to Write Vulnerability Checks (and Where It Falls Short)
Intruder’s security team is experimenting with agentic AI to accelerate vulnerability checks. Discover what’s working, what isn’t, and why AI isn’t the silver bullet it’s made out to be.
www.intruder.io
September 16, 2025 at 2:49 PM
How we’re using AI to write vulnerability checks (and where it falls short): www.intruder.io/research/the...
Meet GregAI - your new #AI security analyst copilot. 🤖
With knowledge of your entire Intruder account, he helps you validate and prioritize issues, remediate with confidence, create clear stakeholder updates, and more.
Learn more: www.intruder.io/blog/greg-ai...
With knowledge of your entire Intruder account, he helps you validate and prioritize issues, remediate with confidence, create clear stakeholder updates, and more.
Learn more: www.intruder.io/blog/greg-ai...
GregAI: Your Intruder AI Security Analyst
We’re excited to introduce GregAI, your AI security analyst copilot that streamlines security workflows by prioritizing issues, validating findings, and more.
www.intruder.io
July 30, 2025 at 3:30 PM
Meet GregAI - your new #AI security analyst copilot. 🤖
With knowledge of your entire Intruder account, he helps you validate and prioritize issues, remediate with confidence, create clear stakeholder updates, and more.
Learn more: www.intruder.io/blog/greg-ai...
With knowledge of your entire Intruder account, he helps you validate and prioritize issues, remediate with confidence, create clear stakeholder updates, and more.
Learn more: www.intruder.io/blog/greg-ai...
Broken API authorization is still exposing sensitive data - so we built a free tool to find it.⚡
Available on GitHub, Autoswagger is our free, open‑source tool that finds unauthenticated #APIs leaking sensitive data like credentials or PII.
Learn more: www.intruder.io/research/bro...
#APISecurity
Available on GitHub, Autoswagger is our free, open‑source tool that finds unauthenticated #APIs leaking sensitive data like credentials or PII.
Learn more: www.intruder.io/research/bro...
#APISecurity
July 25, 2025 at 3:00 PM
Broken API authorization is still exposing sensitive data - so we built a free tool to find it.⚡
Available on GitHub, Autoswagger is our free, open‑source tool that finds unauthenticated #APIs leaking sensitive data like credentials or PII.
Learn more: www.intruder.io/research/bro...
#APISecurity
Available on GitHub, Autoswagger is our free, open‑source tool that finds unauthenticated #APIs leaking sensitive data like credentials or PII.
Learn more: www.intruder.io/research/bro...
#APISecurity
Reposted by Intruder
Autoswagger: Open-source tool to expose hidden API authorization flaws
📖 Read more: www.helpnetsecurity.com/2025/07/24/a...
#cybersecurity #cybersecuritynews #opensource #APIsecurity @intruder-io.bsky.social
📖 Read more: www.helpnetsecurity.com/2025/07/24/a...
#cybersecurity #cybersecuritynews #opensource #APIsecurity @intruder-io.bsky.social
Autoswagger: Open-source tool to expose hidden API authorization flaws - Help Net Security
Autoswagger is a free, open-source tool that scans OpenAPI-documented APIs for broken authorization vulnerabilities.
www.helpnetsecurity.com
July 24, 2025 at 12:37 PM
Autoswagger: Open-source tool to expose hidden API authorization flaws
📖 Read more: www.helpnetsecurity.com/2025/07/24/a...
#cybersecurity #cybersecuritynews #opensource #APIsecurity @intruder-io.bsky.social
📖 Read more: www.helpnetsecurity.com/2025/07/24/a...
#cybersecurity #cybersecuritynews #opensource #APIsecurity @intruder-io.bsky.social
A critical RCE vulnerability in on-prem #Microsoft #SharePoint (CVE-2025-53770) is being actively exploited.
Intruder is the first VM solution we’re aware of to release an active check.
👉 Start a free trial to detect vulnerable SharePoint instances: portal.intruder.io/free_trial
Intruder is the first VM solution we’re aware of to release an active check.
👉 Start a free trial to detect vulnerable SharePoint instances: portal.intruder.io/free_trial
July 22, 2025 at 2:02 PM
A critical RCE vulnerability in on-prem #Microsoft #SharePoint (CVE-2025-53770) is being actively exploited.
Intruder is the first VM solution we’re aware of to release an active check.
👉 Start a free trial to detect vulnerable SharePoint instances: portal.intruder.io/free_trial
Intruder is the first VM solution we’re aware of to release an active check.
👉 Start a free trial to detect vulnerable SharePoint instances: portal.intruder.io/free_trial
🚨 CVE-2025-53770 is critical RCE in on-prem #MicrosoftSharePoint that is being actively exploited.
Get our latest guidance: cvemon.intruder.io/cves/CVE-202...
Get our latest guidance: cvemon.intruder.io/cves/CVE-202...
CVE-2025-53770 - Overview, Insights & Trends
Get the latest on CVE-2025-53770, including risk score and recommendations. Vulnerability intelligence on trending CVEs from multiple sources.
cvemon.intruder.io
July 21, 2025 at 10:35 AM
🚨 CVE-2025-53770 is critical RCE in on-prem #MicrosoftSharePoint that is being actively exploited.
Get our latest guidance: cvemon.intruder.io/cves/CVE-202...
Get our latest guidance: cvemon.intruder.io/cves/CVE-202...
#GladinetCentreStack users - you can now check for CVE-2025-30406 with Intruder ✔️
Our active check is live, so you can find out fast if you're at risk.
👉 Sign up for free to scan your environment today: portal.intruder.io/free_trial
Our active check is live, so you can find out fast if you're at risk.
👉 Sign up for free to scan your environment today: portal.intruder.io/free_trial
April 15, 2025 at 5:02 PM
#GladinetCentreStack users - you can now check for CVE-2025-30406 with Intruder ✔️
Our active check is live, so you can find out fast if you're at risk.
👉 Sign up for free to scan your environment today: portal.intruder.io/free_trial
Our active check is live, so you can find out fast if you're at risk.
👉 Sign up for free to scan your environment today: portal.intruder.io/free_trial
CVE-2025-30406 is a critical (CVSS 9.8) #vulnerability in #GladinetCentreStack.
The issue is caused by the installer using hardcoded values for the validation and decryption key.
Get the latest from our security team: intel.intruder.io/cves/CVE-202...
The issue is caused by the installer using hardcoded values for the validation and decryption key.
Get the latest from our security team: intel.intruder.io/cves/CVE-202...
April 14, 2025 at 3:38 PM
CVE-2025-30406 is a critical (CVSS 9.8) #vulnerability in #GladinetCentreStack.
The issue is caused by the installer using hardcoded values for the validation and decryption key.
Get the latest from our security team: intel.intruder.io/cves/CVE-202...
The issue is caused by the installer using hardcoded values for the validation and decryption key.
Get the latest from our security team: intel.intruder.io/cves/CVE-202...
🚨 Next.js Vulnerability (CVE-2025-29927)
🔴 CVSS: Critical (9.1)
📈 intel.intruder.io hype score: 99 ("it's getting all log4shell")
The advice? Patch now. Get the latest commentary from Intruder’s security team: intel.intruder.io/cves/CVE-202...
🔴 CVSS: Critical (9.1)
📈 intel.intruder.io hype score: 99 ("it's getting all log4shell")
The advice? Patch now. Get the latest commentary from Intruder’s security team: intel.intruder.io/cves/CVE-202...
March 24, 2025 at 11:01 AM
🚨 Next.js Vulnerability (CVE-2025-29927)
🔴 CVSS: Critical (9.1)
📈 intel.intruder.io hype score: 99 ("it's getting all log4shell")
The advice? Patch now. Get the latest commentary from Intruder’s security team: intel.intruder.io/cves/CVE-202...
🔴 CVSS: Critical (9.1)
📈 intel.intruder.io hype score: 99 ("it's getting all log4shell")
The advice? Patch now. Get the latest commentary from Intruder’s security team: intel.intruder.io/cves/CVE-202...
Another day, another expiring SSL certificate…
With SSL certificate expirations making headlines, it’s a reminder of how important it is to have a reliable way to track renewals.
Want to see how easy it is with Intruder? Try it for free:
portal.intruder.io/free_trial
With SSL certificate expirations making headlines, it’s a reminder of how important it is to have a reliable way to track renewals.
Want to see how easy it is with Intruder? Try it for free:
portal.intruder.io/free_trial
March 12, 2025 at 6:16 PM
Another day, another expiring SSL certificate…
With SSL certificate expirations making headlines, it’s a reminder of how important it is to have a reliable way to track renewals.
Want to see how easy it is with Intruder? Try it for free:
portal.intruder.io/free_trial
With SSL certificate expirations making headlines, it’s a reminder of how important it is to have a reliable way to track renewals.
Want to see how easy it is with Intruder? Try it for free:
portal.intruder.io/free_trial
We discovered CVE-2025-0589 in Octopus Deploy - a vulnerability that exposes sensitive Active Directory user details.
Our research shows broken authentication issues in APIs are far more common than you’d think, with some bugs going undetected for years.
Read more: www.intruder.io/research/oct...
Our research shows broken authentication issues in APIs are far more common than you’d think, with some bugs going undetected for years.
Read more: www.intruder.io/research/oct...
March 11, 2025 at 2:02 PM
We discovered CVE-2025-0589 in Octopus Deploy - a vulnerability that exposes sensitive Active Directory user details.
Our research shows broken authentication issues in APIs are far more common than you’d think, with some bugs going undetected for years.
Read more: www.intruder.io/research/oct...
Our research shows broken authentication issues in APIs are far more common than you’d think, with some bugs going undetected for years.
Read more: www.intruder.io/research/oct...
☁️ Cloud security is coming soon to Intruder...
But how will this compare to #AWS security services like GuardDuty, Inspector, and Config?
Learn more and signup to be the first to know when cloud security launches: www.intruder.io/blog/aws-sec...
But how will this compare to #AWS security services like GuardDuty, Inspector, and Config?
Learn more and signup to be the first to know when cloud security launches: www.intruder.io/blog/aws-sec...
AWS Security Services: What They Do and Don’t Do
AWS security services help protect your cloud, but they don’t secure everything. See what’s missing and how Intruder goes further to simplify cloud security.
www.intruder.io
March 7, 2025 at 9:16 AM
☁️ Cloud security is coming soon to Intruder...
But how will this compare to #AWS security services like GuardDuty, Inspector, and Config?
Learn more and signup to be the first to know when cloud security launches: www.intruder.io/blog/aws-sec...
But how will this compare to #AWS security services like GuardDuty, Inspector, and Config?
Learn more and signup to be the first to know when cloud security launches: www.intruder.io/blog/aws-sec...
Most bug hunters skip or under-test SAML flows, but that’s exactly where Cale Anderson, Intruder Security Engineer, found a serious security issue in #Oracle Commerce Cloud 👀
Read the full breakdown:
intruder.io/research/sim...
Read the full breakdown:
intruder.io/research/sim...
Simple Bugs in SAML Apps - Oracle Commerce Cloud
In July 2023, while spending time hacking a US shipping vendor’s environment, I discovered an XXE (XML External Entity) vulnerability in the Oracle Commerce Cloud SAML login flow which allowed an atta...
intruder.io
March 4, 2025 at 11:18 AM
Most bug hunters skip or under-test SAML flows, but that’s exactly where Cale Anderson, Intruder Security Engineer, found a serious security issue in #Oracle Commerce Cloud 👀
Read the full breakdown:
intruder.io/research/sim...
Read the full breakdown:
intruder.io/research/sim...
🚨 CVE-2025-0108 is a high-severity (CVSS 8.8) vulnerability affecting Palo Alto Networks’ PAN-OS, allowing attackers to bypass authentication and execute certain PHP scripts.
👉 See our latest analysis on Intel: hubs.li/Q036zXVf0
👉 See our latest analysis on Intel: hubs.li/Q036zXVf0
CVE-2025-0108 - Overview, Insights & Trends
Get the latest on CVE-2025-0108, including risk score and recommendations. Intel provides vulnerability intelligence on trending CVEs from multiple sources.
hubs.li
February 13, 2025 at 4:12 PM
🚨 CVE-2025-0108 is a high-severity (CVSS 8.8) vulnerability affecting Palo Alto Networks’ PAN-OS, allowing attackers to bypass authentication and execute certain PHP scripts.
👉 See our latest analysis on Intel: hubs.li/Q036zXVf0
👉 See our latest analysis on Intel: hubs.li/Q036zXVf0
Ever wished NVD descriptions actually explained the vuln? Meet Intruder’s new AI Summaries—turning often lacking CVE jargon into plain English so you can focus on patching, not parsing.
Check it out👉 intel.intruder.io
#VulnerabilityIntelligence #CVE #CyberSecurity
Check it out👉 intel.intruder.io
#VulnerabilityIntelligence #CVE #CyberSecurity
February 4, 2025 at 10:10 AM
Ever wished NVD descriptions actually explained the vuln? Meet Intruder’s new AI Summaries—turning often lacking CVE jargon into plain English so you can focus on patching, not parsing.
Check it out👉 intel.intruder.io
#VulnerabilityIntelligence #CVE #CyberSecurity
Check it out👉 intel.intruder.io
#VulnerabilityIntelligence #CVE #CyberSecurity
More details are emerging on #CVE-2024-55591 today - our customers are already ahead of the curve 🚀
We quickly assessed the threat and developed an active check - before one was available from our underlying scanners.
Stay ahead of the latest developments: intel.intruder.io/cves/CVE-202...
We quickly assessed the threat and developed an active check - before one was available from our underlying scanners.
Stay ahead of the latest developments: intel.intruder.io/cves/CVE-202...
CVE-2024-55591 - Overview, Insights & Trends
Get the latest on CVE-2024-55591, including risk score and recommendations. Intel provides vulnerability intelligence on trending CVEs from multiple sources.
intel.intruder.io
January 16, 2025 at 12:22 PM
More details are emerging on #CVE-2024-55591 today - our customers are already ahead of the curve 🚀
We quickly assessed the threat and developed an active check - before one was available from our underlying scanners.
Stay ahead of the latest developments: intel.intruder.io/cves/CVE-202...
We quickly assessed the threat and developed an active check - before one was available from our underlying scanners.
Stay ahead of the latest developments: intel.intruder.io/cves/CVE-202...
#CVE-2024-55591 is a critical vulnerability in FortiOS and FortiProxy under active exploitation. 🚨
The #vulnerability allows unauthenticated attackers to create administrative accounts. #Fortinet has released IoCs to help identify suspicious activity.
intel.intruder.io/cves/CVE-202...
The #vulnerability allows unauthenticated attackers to create administrative accounts. #Fortinet has released IoCs to help identify suspicious activity.
intel.intruder.io/cves/CVE-202...
CVE-2024-55591 - Overview, Insights & Trends
Get the latest on CVE-2024-55591, including risk score and recommendations. Intel provides vulnerability intelligence on trending CVEs from multiple sources.
intel.intruder.io
January 15, 2025 at 10:24 AM
#CVE-2024-55591 is a critical vulnerability in FortiOS and FortiProxy under active exploitation. 🚨
The #vulnerability allows unauthenticated attackers to create administrative accounts. #Fortinet has released IoCs to help identify suspicious activity.
intel.intruder.io/cves/CVE-202...
The #vulnerability allows unauthenticated attackers to create administrative accounts. #Fortinet has released IoCs to help identify suspicious activity.
intel.intruder.io/cves/CVE-202...
CVE-2025-0282 is a critical buffer overflow vulnerability in #Ivanti Connect Secure.
We recommend prioritizing it over other criticals, but due to its complexity, don't expect widespread exploitation.
Get the latest from our Security Team: intel.intruder.io/cves/CVE-202...
#CyberSecurity #InfoSec
We recommend prioritizing it over other criticals, but due to its complexity, don't expect widespread exploitation.
Get the latest from our Security Team: intel.intruder.io/cves/CVE-202...
#CyberSecurity #InfoSec
CVE-2025-0282 - Overview, Insights & Trends
Get the latest on CVE-2025-0282, including risk score and recommendations. Intel provides vulnerability intelligence on trending CVEs from multiple sources.
intel.intruder.io
January 9, 2025 at 3:05 PM
CVE-2025-0282 is a critical buffer overflow vulnerability in #Ivanti Connect Secure.
We recommend prioritizing it over other criticals, but due to its complexity, don't expect widespread exploitation.
Get the latest from our Security Team: intel.intruder.io/cves/CVE-202...
#CyberSecurity #InfoSec
We recommend prioritizing it over other criticals, but due to its complexity, don't expect widespread exploitation.
Get the latest from our Security Team: intel.intruder.io/cves/CVE-202...
#CyberSecurity #InfoSec
SafeBreach released a writeup on Jan 1st linking CVE-2024-49112 to a DoS exploit. However, the original researcher who reported the bug to Microsoft disagrees.
Find out more: intel.intruder.io/cves/CVE-202...
#CyberSecurity #CVE202449112 #InfoSec #Microsoft
Find out more: intel.intruder.io/cves/CVE-202...
#CyberSecurity #CVE202449112 #InfoSec #Microsoft
CVE-2024-49112 - Overview, Insights & Trends
Get the latest on CVE-2024-49112, including risk score and recommendations. Intel provides vulnerability intelligence on trending CVEs from multiple sources.
intel.intruder.io
January 3, 2025 at 2:08 PM
SafeBreach released a writeup on Jan 1st linking CVE-2024-49112 to a DoS exploit. However, the original researcher who reported the bug to Microsoft disagrees.
Find out more: intel.intruder.io/cves/CVE-202...
#CyberSecurity #CVE202449112 #InfoSec #Microsoft
Find out more: intel.intruder.io/cves/CVE-202...
#CyberSecurity #CVE202449112 #InfoSec #Microsoft
When PoC exploit code for Mitel MiCollab vulns dropped, Intruder helped a customer reduce exposure within 24hrs:
☁️ Auto-discovered the system via our cloud connector
✅ Deployed a check before our underlying scanners
🚨 Notified the customer so they could fix the issue
Learn more: shorturl.at/lf8wW
☁️ Auto-discovered the system via our cloud connector
✅ Deployed a check before our underlying scanners
🚨 Notified the customer so they could fix the issue
Learn more: shorturl.at/lf8wW
December 12, 2024 at 3:57 PM
When PoC exploit code for Mitel MiCollab vulns dropped, Intruder helped a customer reduce exposure within 24hrs:
☁️ Auto-discovered the system via our cloud connector
✅ Deployed a check before our underlying scanners
🚨 Notified the customer so they could fix the issue
Learn more: shorturl.at/lf8wW
☁️ Auto-discovered the system via our cloud connector
✅ Deployed a check before our underlying scanners
🚨 Notified the customer so they could fix the issue
Learn more: shorturl.at/lf8wW
Attackers are actively exploiting CVE-2024-50623 to gain remote code execution (RCE) on affected #Cleo servers.
It was initially thought that the patch was insufficient due to ongoing exploitation, but it turns out there is a second unauthenticated RCE.
More info: intel.intruder.io/cves/CVE-202...
It was initially thought that the patch was insufficient due to ongoing exploitation, but it turns out there is a second unauthenticated RCE.
More info: intel.intruder.io/cves/CVE-202...
December 11, 2024 at 4:21 PM
Attackers are actively exploiting CVE-2024-50623 to gain remote code execution (RCE) on affected #Cleo servers.
It was initially thought that the patch was insufficient due to ongoing exploitation, but it turns out there is a second unauthenticated RCE.
More info: intel.intruder.io/cves/CVE-202...
It was initially thought that the patch was insufficient due to ongoing exploitation, but it turns out there is a second unauthenticated RCE.
More info: intel.intruder.io/cves/CVE-202...
Today's hype score: Colder than a datacentre floor ❄️
CVE-2024-42327, a critical vulnerability in #Zabbix, has received the most buzz in the last 24hrs. But with a hype score of 9/100, it's looking like a calm day in the threat landscape so far.
Check it out: intel.intruder.io
#CVE #CyberSecurity
CVE-2024-42327, a critical vulnerability in #Zabbix, has received the most buzz in the last 24hrs. But with a hype score of 9/100, it's looking like a calm day in the threat landscape so far.
Check it out: intel.intruder.io
#CVE #CyberSecurity
November 29, 2024 at 10:06 AM
Today's hype score: Colder than a datacentre floor ❄️
CVE-2024-42327, a critical vulnerability in #Zabbix, has received the most buzz in the last 24hrs. But with a hype score of 9/100, it's looking like a calm day in the threat landscape so far.
Check it out: intel.intruder.io
#CVE #CyberSecurity
CVE-2024-42327, a critical vulnerability in #Zabbix, has received the most buzz in the last 24hrs. But with a hype score of 9/100, it's looking like a calm day in the threat landscape so far.
Check it out: intel.intruder.io
#CVE #CyberSecurity
What's the threat landscape like today?
CVE-2024-5921, a high-severity flaw in the #PaloAlto Networks GlobalProtect app, has received the most buzz in the last 24hrs. But with a hype score of 5 / 100, it's pretty quiet out there.
Stay ahead with Intel: intel.intruder.io/trends
#CVE #CyberSecurity
CVE-2024-5921, a high-severity flaw in the #PaloAlto Networks GlobalProtect app, has received the most buzz in the last 24hrs. But with a hype score of 5 / 100, it's pretty quiet out there.
Stay ahead with Intel: intel.intruder.io/trends
#CVE #CyberSecurity
November 27, 2024 at 4:27 PM
What's the threat landscape like today?
CVE-2024-5921, a high-severity flaw in the #PaloAlto Networks GlobalProtect app, has received the most buzz in the last 24hrs. But with a hype score of 5 / 100, it's pretty quiet out there.
Stay ahead with Intel: intel.intruder.io/trends
#CVE #CyberSecurity
CVE-2024-5921, a high-severity flaw in the #PaloAlto Networks GlobalProtect app, has received the most buzz in the last 24hrs. But with a hype score of 5 / 100, it's pretty quiet out there.
Stay ahead with Intel: intel.intruder.io/trends
#CVE #CyberSecurity