THE LATEST FROM IONIX

  • Exploited! SysAid On-Prem XML External Entity Vulnerability (CVE-2025-2775)

  • Asset Discovery: A Starting Point, Not a Security Strategy

  • Exploited! SAP NetWeaver Visual Composer Unauthenticated File-Upload Vulnerability (CVE-2025-31324)

  • Exploited! Erlang/OTP SSH Unauthenticated Remote Code Execution Vulnerability (CVE-2025-32433)

  • The CVE Program Is on Life Support – and So Is Our Outdated Approach to Vulnerability Management

  • A doctor holds a tablet displaying a digital DNA strand, illustrating proactive cybersecurity in a reactive world. The text 'Prophylactic Cybersecurity: How to be Proactive in a Reactive World' is overlaid, along with the speaker's name and title: Billy Hoffman, Ionix Field CTO.

    Prophylactic Cybersecurity for Healthcare

  • Exploited: Critical Unauthenticated Access Vulnerability in CrushFTP (CVE-2025-2825)

  • Exploited! Kentico Xperience Staging Service Authentication Bypass Vulnerabilities (CVE-2025-2746 & CVE-2025-2747)

  • Alert: Multiple remote code execution vulnerabilities in Ingress Nginx Controller for Kubernetes have been exploited.

    Exploited! Ingress-NGINX Controller for Ingress-NGINX RCE (CVE-2025-1974, 1097, 1098, 24514) – Patch Now

  • Exploited! Apache Tomcat Path Equivalence Vulnerability (CVE-2025-24813)

  • Can Autonomous LLM Agents Exploit One Day Vulnerabilities?

  • Exploited: XWiki Remote Code Execution Vulnerability (CVE-2025-24893)