watchTowr
@watchtowrcyber
watchTowr enables organizations to get ahead of in-the-wild exploitation with Preemptive Exposure Management technology.
We've evolved. The watchTowr Platform now delivers Preemptive Exposure Management – built on our own vuln. research and real attacker telemetry. Proactive threat intel + EASM + continuous validation. Faster reaction. More time to respond. buff.ly/5ip8buj
We’re thrilled to welcome @ethicalhack3r (Ryan Dewhurst) to the @watchTowr team as Head of Threat Intelligence! 🚀 Ryan will lead the evolution of our Proactive Threat Intel capabilities - helping clients stay ahead of inevitable breaches and emerging threats.

Coming soon: the “HTTP request header” pledge, where every signer of the pledge secretly promises to put trivial vuln in an HTTP request header
Continually proud to do our part in collaboration with @Shadowserver and @eyesecurity_ 🫡🙏🏼
Alert: SharePoint CVE-2025-53770 incidents! In collaboration with @eyesecurity & @watchtowrcyber we are notifying compromised parties. Read: research.eye.security/sharepoint-und… ~9300 SharePoint IPs seen exposed daily (just population, no vulnerability assessment): dashboard.shadowserver.org/statistics/iot…
🚨A SharePoint zero-day (CVE-2025-53770) is under active exploitation, with attackers stealing MachineKey secrets to forge __VIEWSTATE and maintain RCE. No patch exists. If you expose SharePoint to the Internet, assume breach. Reach out to us via our website if you need support.

well, here's CVE-2025-6771 - a post-auth (admin only, exploitable via CSRF) RCE in Ivanti EPMM that we found while analysing CVE-2025-4427 and CVE-2025-4428 forums.ivanti.com/s/article/Secu…

Time to vote, what should we publish next week? We will once again use a compass with a magnet to decide the outcome (i.e. we may completely ignore the outcome)
Are we bleeding out? Enjoy our analysis of CitrixBleed 2, aka CVE-2025-5777 - the "new" Citrix NetScaler Memory Leak vulnerability. We've been using this mechanism to identify vulnerable systems, and hope it helps the teams that need it.. enjoy! labs.watchtowr.com/how-much-more-…
The watchTowr Platform now leverages (we believe industry-first) active exploitation-based mechanisms to identify Citrix appliances vuln to CVE-2025-6543 with 100% reliability. Blog post and analysis will come in the future when we see patch rates increase - until then, PATCH!!!!
Veeam has released patches today - veeam.com/kb4743
bees, honey, FUD(?) - hours (now called Veeam-years) after our friends at Veeam decided to announce that their patch was 'pretty close to perfect', we identified/disclosed more deserialization gadgets. The team @ @codewhitesec is great; let's see if there are collisions! 🤝
With the help of the Sesame Street gang, watchTowr Labs is back - with a pre-auth RCE chain against Sitecore Experience Platform that we discovered and reported in February this year. Enjoy..... labs.watchtowr.com/is-b-for-backd…
after 25+ years of circular debating, May 2025 is when we’ll finally settle this debate - so exciting!
