🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

From shadow IT to real-world vulnerabilities: Our Surfacing Security podcast dives deep into modern security challenges. Learn about the limitations of common assessment tools and the importance of proactive measures. 🎧 Listen to Surfacing Security: Apple Podcasts:

🔍 For 6 years, we've pioneered a different approach: Integrating security research directly into our platform to find exposures beyond CVEs. Security isn't just about CVE numbers - it's about understanding and discovering real exposures. 🎧 Listen to learn more: Spotify:

Our security research team dived into CVE-2024-8534, a memory safety vulnerability leading to memory corruption and Denial of Service affecting Citrix NetScaler. Customers of our True Attack Surface Management platform have already rapidly responded: assetnote.io/resources/rese…

🔐 Modern cloud platforms like Akamai, Vercel & Heroku create complex security landscapes. Traditional IP scanning can't see through WAFs & wildcard certificates creating blind spots. Discover how passive DNS reveals the full picture in our Surfacing Security podcast: Spotify:

Security isn't just a data problem. Bigger wordlists and faster tools aren't the answer. The real value? Turning data into actionable intelligence that protects your business. That's where offensive security instinct meets ASM. Ready to move beyond data overload to actual

Last month, our Security Research team discovered and disclosed a critical pre-authentication RCE in CraftCMS (CVE-2024-56145). You can read our blog post on the issue here: assetnote.io/resources/rese…

🏃‍♂️ Speed matters in security. With proper ASM, you can identify vulnerabilities before they become costly bounty payouts. Learn how to optimise your bug bounty program: Spotify: buff.ly/4eUrhxy Apple Podcasts: buff.ly/3YUymJF YouTube: buff.ly/3XUaCDC

In our Surfacing Security Podcast, we redefine #AttackSurfaceManagement. It's not just asset discovery - it's about integrating real-time asset awareness into core security processes. Learn how this approach elevates threat intel, incident response, and overall security posture.

🛡️ Finding vulnerabilities is just the first step. The untold story: Our teams often spend weeks developing effective mitigations, working to have solutions ready before vendor patches. Because security isn't just about discovery - it's about protection. Learn more 🎧 Spotify:

🔍 The origin story of true ASM: 'We need to capture everything - new ports, changes, technologies - anything that could lead to exploitation.' But monitoring isn't enough. Real ASM combines: - Real-time asset awareness - Scalable coverage - True exploitability assessment Listen

What looks like a niche vulnerability in one attack surface becomes a pattern when you look across thousands. That's the power of automated depth in modern ASM. Listen to our full discussion: Spotify: buff.ly/3YN4H3D Apple Podcasts: buff.ly/3TuyLzg YouTube:

🔒 The automation challenge in security: Many orgs struggle to automate vulnerability detection safely. Our solution? Finding the sweet spot: - Automated discovery - Proven exploitability - Zero disruption - Safe execution Learn how we make it work 🎧 Spotify:

Modern enterprise infrastructure isn't just cloud-centric - it's protected by WAFs and CDNs. This architectural shift creates new challenges for traditional asset discovery approaches. Understanding your entire attack surface requires adapting to these architectural realities.

🛠️ Building attack surface visibility from scratch taught us a crucial lesson: DNS wildcard detection requires more than open-source tools. Dive into our engineering journey: Spotify: buff.ly/3MO7jZu Apple Podcasts: buff.ly/4gTsgzQ YouTube:

We are thrilled to announce that Assetnote has been acquired by Searchlight Cyber! This is an exciting new chapter for our team as we continue our mission of providing our customers with a market-leading ASM solution. Joining forces with Searchlight Cyber means that we will be

Our security research team discovered an authentication bypass in Palo Alto's PAN-OS management interface. Our discoveries come shortly after exploit chains were released at the end of 2024 after a deeper investigation. You can read our research here: slcyber.io/blog/nginx-apa…

Our security research team discovered a pre-auth RCE (CVE-2025-27218) in Sitecore XP 10.4. You can read our research here: slcyber.io/blog/sitecore-…

Our security research team recently analyzed the authentication bypass vulnerability in Next.js (CVE-2025-29927). Our blog post details how to detect this vulnerability with more reliability. Read more here: slcyber.io/assetnote-secu…

Our security research team discovered a critical pre-authentication SQL injection vulnerability in Halo ITSM, a popular IT support software, often externally exposed and sensitive: Read more here: slcyber.io/assetnote-secu…

Our team recently used a novel technique to increase the impact of what seemed to be only a blind SSRF. This novel technique involving HTTP redirect loops and incremental status codes led to full HTTP response leakage. Read more on Searchlight Cyber blog here: slcyber.io/assetnote-secu…