Overview: A new critical vulnerability has been identified in FreePBX, the widely adopted open-source, web-based graphical user interface for managing Asterisk PBX systems. Tracked as CVE-2025-57819, this flaw affects FreePBX versions 15, 16, and 17 and enables unauthenticated attackers to bypass administrator login controls. Once inside, threat actors can perform SQL Injection attacks that lead... The post FreePBX Authentication Bypass Leading to SQL Injection and RCE (CVE-2025-57819) appeare...| IONIX
A zero-day vulnerability, CVE-2025-7775, has been disclosed in Citrix NetScaler ADC and Gateway appliances. This flaw is classified as a memory overflow vulnerability| IONIX
Article Link: https://www.stpaul.gov/news/saint-paul-city-council-extends-local-state-emergency-respond-digital-security-incident| Project Hyphae
Hint: EASM by itself is a means, not an end. In the rapidly evolving landscape of cybersecurity, few innovations have shown as much early promise as External Attack Surface Management (EASM). Its core value proposition, the ability to continuously discover, inventory, and monitor all internet-facing assets of an organization, was compelling from the start. Yet,... The post Why Gartner Declared EASM Obsolete Before it Became Mainstream appeared first on IONIX.| IONIX
Description of CVEs 2025‑54253 and 2025‑54254: Adobe Experience Manager (AEM) Forms on Java Enterprise Edition (JEE) has suffered two critical vulnerabilities, CVE‑2025‑54253 and CVE‑2025‑54254, disclosed in early August 2025. According to Adobe, both flaws carry public proof-of-concept (PoC) exploits, though there are no known in-the-wild attacks as of today. Exploit Methods: CVE‑2025‑54253 – Misconfiguration leading... The post CVE‑2025‑54253 & CVE‑2025‑54254 in Adobe ...| IONIX
Our threat-hunting team just uncovered a mass-produced remote DNS-manipulation campaign that hijacked an entire nameserver (NS) delegation belonging to a Fortune 500 company. Within hours, the attacker used that foothold to create over 9,500 brand-new subdomains, all resolving to the same criminal infrastructure serving illicit gambling pages. Reverse-IP analysis shows the same host is already... The post Remote DNS Manipulation at Scale: How IONIX Uncovered 20,000 Malicious Subdomains from a...| IONIX
How DevOps Teams Can Use IONIX for Zero-Fuss Daily Ops| IONIX
The cybersecurity industry has long been caught in the pendulum swing between platform consolidation and best-of-breed solutions. According to a recent Team8 CISO Village survey, it seems that pendulum may be swinging from recent years, where consolidated platforms led the market, back to best-of-breed. The survey reveals that 60% of CISOs now favor best-of-breed technologies over... The post Are “Best-of-Breed” Cyber Security Products Reclaiming the Spotlight? appeared first on IONIX.| IONIX
By Marc Gaffan, CEO of IONIX. Gartner has officially declared it: External Attack Surface Management (EASM) is obsolete. To many, this announcement may come as a surprise. For us at IONIX, it’s confirmation of what we’ve known and been advocating for over the past two years. We’ve spoken with hundreds of enterprises. We’ve watched how... The post RIP EASM – Gartner Declared EASM Obsolete, Now What? appeared first on IONIX.| IONIX
Discover how IONIX and Cloudflare team up to uncover every internet-facing asset, validate WAF coverage, and close exposure gaps—so your web attack surface stays secure.| IONIX
We are thrilled to announce that IONIX has joined the Wiz Integration Network (WIN) Platform, strengthening our commitment to delivering exceptional security solutions to our customers. This integration brings together Wiz’s industry-leading cloud security platform with IONIX’s Cloud Exposure Validator, creating a powerful integration that addresses one of the most pressing challenges in cloud security...| IONIX
Escape launches the first Asset Inventory and Attack Surface Management solution for GraphQL APIs with its new API Catalog feature.| Escape DAST - Application Security Blog
Discover the importance of API catalogs, their differences from API portals & gateways, and how to ensure optimal API management and security.| Escape DAST - Application Security Blog
Attack Surface Management (ASM) is the process of continuously detecting, discovering, analyzing, remediating, and monitoring the cybersecurity| CIP Blog
Exposed admin panels using threat-hunting tools, and the importance of monitoring with attack surface management (ASM) solutions.| CIP Blog
Explore essential CTEM metrics to evaluate your Continuous Threat Exposure Management program and strengthen your cybersecurity defenses.| Strobes Security