• Backdooring Your Backdoors – Another $20 Domain, More Governments https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/ 73 comments 12/1/2025
• Backdooring your backdoors – Another $20 domain, more governments https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/ 2 comments 8/1/2025
• Pots and Pans, a.k.a. an Sslvpn Palo Alto Pan-OS CVE-2024-0012 and CVE-2024-9474 https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/ 2 comments 19/11/2024
• We spent $20 to achieve RCE and accidentally became the admins of .mobi https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/ 367 comments 11/9/2024
• Palo Alto – Putting the Protecc in GlobalProtect (CVE-2024-3400) https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/ 32 comments 16/4/2024

• Backdooring Your Backdoors - Another $20 Domain, More Governments https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/ 7 comments 13/1/2025 security
• We spent $20 to achieve RCE and accidentally became the admins of .MOBI https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/ 8 comments 11/9/2024 security

• XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748) - watchTowr Labs https://labs.watchtowr.com/xss-to-rce-by-abusing-custom-file-handlers-kentico-xperience-cms-cve-2025-2748/ 0 comments 1/4/2025 netsec
• By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120) - watchTowr Labs https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in-veeam-backup-replication-cve-2025-23120/ 6 comments 20/3/2025 netsec
• The Best Security Is When We All Agree To Keep Everything Secret (Except The Secrets) - NAKIVO Backup & Replication (CVE-2024-48248) - watchTowr Labs https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/ 2 comments 26/2/2025 netsec
• 8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur - watchTowr Labs https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/ 10 comments 4/2/2025 netsec
• Get FortiRekt, I am the Super_Admin Now - FortiOS Authentication Bypass CVE-2024-55591 - watchTowr Labs https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admin-now-fortios-authentication-bypass-cve-2024-55591/ 2 comments 27/1/2025 netsec
• Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282) - watchTowr Labs https://labs.watchtowr.com/exploitation-walkthrough-and-techniques-ivanti-connect-secure-rce-cve-2025-0282/ 2 comments 12/1/2025 netsec
• Do Secure-By-Design Pledges Come With Stickers? - Ivanti Connect Secure RCE (CVE-2025-0282) - watchTowr Labs https://labs.watchtowr.com/do-secure-by-design-pledges-come-with-stickers-ivanti-connect-secure-rce-cve-2025-0282/ 2 comments 10/1/2025 netsec
• Backdooring Your Backdoors - Another $20 Domain, More Governments - watchTowr Labs https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/ 5 comments 8/1/2025 netsec
• Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 - watchTowr Labs https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/ 3 comments 19/11/2024 netsec
• Citrix Virtual Apps and Desktops (XEN) Unauthenticated Remote Code execution https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/ 2 comments 12/11/2024 netsec
• Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024 - watchTowr Labs https://labs.watchtowr.com/fortinet-fortigate-cve-2024-23113-a-super-complex-vulnerability-in-a-super-secure-appliance-in-2024/ 2 comments 14/10/2024 netsec
• We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI - watchTowr Labs https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/ 2 comments 11/9/2024 netsec
• No Way, PHP Strikes Again! (CVE-2024-4577) - watchTowr Labs https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ 16 comments 7/6/2024 netsec
• Check Point - Wrong Check Point (CVE-2024-24919) - watchTowr Labs https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/ 3 comments 30/5/2024 netsec
• QNAP QTS - QNAPping At The Wheel (CVE-2024-27130 and friends) - watchTowr Labs https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/ 4 comments 17/5/2024 netsec
• Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400) - watchTowr Labs https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/ 11 comments 16/4/2024 netsec
• Yet More Unauth Remote Command Execution Vulns in Firewalls - Sangfor Edition https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/ 2 comments 5/10/2023 netsec