Find out why lower-severity vulns are the bigger pain

Author(s)
Ioana Rijnetu Content Marketer

Updated at: July 07, 2022

Article tags

We know the struggle is real and how quickly companies involved in fighting the pandemic became high-value targets for cybercriminals in the past months.

So, earlier this year, we offered them free penetration tests so they could improve their security and better cope with the growing threat of cyberattacks.

The COVID-19 free penetration tests report we did is packed with concrete findings and actionable recommendations, which are helpful to better benchmark your vulnerability information.

Learn about the riskiest security issues for companies, review key actions our security experts recommend, steal our pentesting toolstack to simplify your own workflow, and many more.

GET THE REPORT: DOWNLOAD IT FOR FREE

Get our findings from pentesting 16 companies that operate in industries such as IT&C, Information security, Education, Software, Travel, and Agriculture.

Join the conversation and tell us how your company is dealing with emerging vulnerabilities.

Get fresh security research

In your inbox. (No fluff. Actionable stuff only.)

New VPN agent formats, API methods, filters & other updates

2FA, email scan notifications & more updates

Platform updates

Announcing our managed pentesting services for web applications

Checking for vulnerabilities and how attackers could exploit them provide valuable insights on how you can improve your company’s security posture.

Author(s)

Ioana Rijnetu

Published at: 23 May 2019

Security research

cPanel - The valid, the suspect, and the 3rd party (Part 1)

Ever wondered what you can still do with 25-year-old code in a modern hosting environment? PTT-2025-021 was quite the journey! Unpack this (potentially Remote) Code Execution vulnerability we discovered and disclosed, which lets you bypass restricted environments like cPanel's jailshell. In part 1 of 3, we break down how an unsafe Perl "open" function became our ticket to a executing arbitrary system commands - and how the exploit works.

Author(s)

Matei "Mal" Badanoiu (aka CVE Jesus)

Published at: 08 Jan 2026

Security research

A comprehensive deep dive into React2Shell (CVE-2025-55182)

React2Shell (CVE-2025-55182) is a CVSS 10.0, pre-auth remote code execution flaw in the React Server Components Flight protocol. This deep dive maps affected React and Next.js versions, explains the deterministic exploit chain, summarizes in-the-wild abuse, and lays out detection, mitigation, and validation steps you can apply in real environments.