CVE-2023-36884 – Nation-State RCE Targets Government Agencies with Malicious Microsoft Office Documents
Updated on 27/07/2023 On July 11th, Microsoft announced they had uncovered a zero-day bug found in numerous Windows and Office products with a criticality…
CVE-2023-23397 – Outlook vulnerability
On March 14, Microsoft released the regular Patch tuesday. During this patch Tuesday, Microsoft released 74 new patches addressing CVEs within Microsoft products. Exploiting…
CVE 2023-21716- Microsoft Word RCE
Overview On March 5, a security researcher named Joshua J.Drake shared details about CVE-2023-21716, a Microsoft Word vulnerability that was patched during February 2023…
Extracting Encrypted Credentials from Common Tools
Overview During our day to day research, we face the question of what can be extracted from a compromised machine in order to move…
CVE-2022-42475 – Critical RCE Fortinet Vulnerability
On December 12th, Fortinet, one of the foremost players in the firewall, AV, intrusion prevention systems, and endpoint security ecosystem, announced the discovery of…
XM Cyber Advisory – OpenSSL Critical Vulnerability
Overview According to the OpenSSL team, on November 1st, 2022, a new version, number 3.0.7 will be released (https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html). It’s interesting to note that…
XM Cyber Advisory – Follina, CVE-2022-30190, Zero Day
On May 27, a new zero day critical vulnerability called Follina was discovered by the nao_sec security research team. The vulnerability resides in malicious…
Prevent cyber attacks in Azure before they happen
Misconfigurations within Azure environments are more common than you think. It’s important to learn and understand how attackers can exploit these misconfigurations and, more…
Decrypting VMware Workstation Passwords for Fun
Overview At XM Cyber, we have been hard at work on the techniques that attackers use against your VMware environments. What you’re about to…
XM Cyber Advisory – Spring4Shell, Zero Day
Overview On March 30, A new zero day critical vulnerability was leaked in another open source software library. The vulnerability affects Spring Framework which…
New Privilege Escalation Techniques are Compromising your Google Cloud Platform
In this research you’ll discover some of the common attack techniques used in Google Cloud Platform (GCP) to better understand how an attacker exploits…
Go beyond Log4Shell and see the entire attack path with XM Cyber
We know you’re working tirelessly to get ahead of the log4j vulnerability. Here at XM Cyber, we can help you prioritize your remediation efforts…

Find and fix the exposures that put your critical assets at risk with ultra-efficient remediation.