CVE-2025-52493: When Password FieldsAren’t Enough – Client-Side SecretExposure in PagerDuty Cloud Runbook
By Mario Bartolome & Carter Ross During a recent Red Team engagement, our team at Praetorian discovered a vulnerability in PagerDuty Cloud Runbook that highlights a fundamental security principle: never trust the client with secrets. In this blog, we share details about CVE-2025-52493, a medium-severity vulnerability that exposed stored secrets to authenticated administrators through simple […]
How I Found the Worst ASP.NET Vulnerability — A $10K Bug (CVE-2025-55315)
Introduction Earlier this year, I earned a $10,000 bounty from Microsoft after discovering a critical HTTP request smuggling vulnerability in ASP.NET Core’s Kestrel server (CVE-2025-55315). The vulnerability garnered significant media attention after Microsoft assigned it a CVSS score of 9.9, the highest severity rating ever assigned to an ASP.NET Core vulnerability. This post walks through […]
Your Vulnerability Scanner Might Be Your Weakest Link
Overview Vulnerability scanners are a cornerstone of modern security programs, helping teams identify weaknesses before attackers do. But when these tools are configured with privileged credentials, they can themselves become high-value targets. In one case, while running continuous testing through our Chariot platform for a Fortune 500 financial services company, we compromised a server and […]
Domain Fronting is Dead. Long Live Domain Fronting!
Overview At Black Hat and DEF CON, we demonstrated how red teams could tunnel traffic through everyday collaboration platforms like Zoom and Microsoft Teams, effectively transforming them into covert communication channels for command-and-control. That research highlighted a critical blind spot: defenders rarely block traffic to core business services because doing so would disrupt legitimate operations. […]
OAuthSeeker: Leveraging OAuth Phishing for Initial Access and Lateral Movement on Red Team Engagements
Overview The Praetorian Labs team recently conducted research into potential initial access vectors for red team engagements, focusing on attack techniques leveraging malicious applications distributed through platforms like the Microsoft Store. This included OAuth applications, malicious Outlook extensions, and other types of applications that could be delivered via the Windows Store. As part of this […]
ELFDICOM: PoC Malware Polyglot Exploiting Linux-Based Medical Devices
A high severity vulnerability in DICOM, the healthcare industry’s standard file protocol for medical imaging, has remained exploitable years after its initial disclosure. The flaw enables attackers to embed malicious code within legitimate medical image files. While previous research demonstrated this vulnerability’s impact on Windows-based medical systems, Praetorian’s new proof of concept, ELFDICOM, extends the […]
An Improved Detection Signature for the Kubernetes IngressNightmare Vulnerability
Wiz recently published a detailed analysis of a critical vulnerability in the NGINX Ingress admission controller—what they’ve dubbed IngressNightmare (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24514). The vulnerability stems from insufficient input validation during configuration file processing, allowing an attacker to inject arbitrary code into the NGINX process. Wiz’s writeup is excellent and covers the technical nuances thoroughly, […]
CodeQLEAKED – Public Secrets Exposure Leads to Supply Chain Attack on GitHub CodeQL
A potential supply chain attack on GitHub CodeQL started simply: a publicly exposed secret, valid for 1.022 seconds at a time. In that second, an attacker could take a series of steps that would allow them to execute code within a GitHub Actions workflow in most repositories using CodeQL, GitHub’s code analysis engine trusted by […]
Tarbomb Denial of Service via Path Traversal
Praetorian recently uncovered a denial-of-service vulnerability by chaining together path traversal and legacy file upload features in a CI/CD web application; highlighting the risks of undocumented features and the importance of input validation in web security.
RF Fortune Telling: Frequency Hopping Predictability
In the world of wireless communications, security vulnerabilities in implemented protocols canremain hidden behind layers of complexity. What appears secure due to the intricate nature ofRF communications may harbor fundamental weaknesses. Let’s dive into a fascinating casethat reveals how a seemingly minor cryptographic weakness in frequency hopping algorithmscan compromise an entire wireless communication stream. Understanding […]