
2025.11


Features & Enhancements

High Value Targeting (HVT) & Advanced Data Pilfering (ADP)

  • Enriched Business Risk Explanations: Pentest results now provide clearer context on why a High Value Target (HVT) leads to a Business Risk. This includes a brief explanation and additional real-world examples based on the LLM-inferred categories associated with the HVT.

    • This enriched data is also included in the pentest summary in the portal.
  • AI-Enriched Items: A genAI badge has been added to the credentials table to highlight items that have been enriched with AI/LLM data.

  • The attack graph display for Business Risk has been updated for clearer prioritization.

Vulnerability Risk Intelligence (VRI)

  • Early Access Release: Initial release of the Vulnerability Risk Intelligence solution is available, offering enhanced weakness details and reporting.
  • Scanner File Handling: Improved support for Nessus file types, hardened parsing logic, and clearer user-facing error messages during scanner file uploads.
    • Users can now change the scanner file name after upload.
    • The main table now includes a hostnames column, and the classification CSV export includes host, mitigations, and references.
  • Added CISA filters to the weaknesses table to support CISA-focused workflows.
  • Updated one-click-verify (1cv) behavior to allow 1cv in the single-select menu for relevant operations.

Platform & Usability Enhancements

  • Pentest Compare: Added new filters to the pentest comparison view to streamline analysis.
  • Cloud Connections: Added text search and pagination capabilities for cloud connections within the pentest configuration process.
  • Vulnerability Management Hub (VMH): The Notes column is now sortable, and filters have been added for first and last seen dates.
  • Pentest Template Management: The pentest templates page now sorts templates by date and displays the created date.
  • Cloud Cracking: Cloud cracking is now used for all production cracking operations in both the US and EU regions.
  • New Event Type: Added a new internal event type: PRIVILEGE_ESCALATION.

New Attack Content

  • Windows Server Update Services (WSUS): Updated Rapid Response test card for WSUS misconfigurations.
  • N-able N-central: Released a Rapid Response test card and targeted test for recent zero-day vulnerabilities.
    • CVE-2025-9316: N-able N-central vulnerability that allows unauthenticated attackers to bypass authentication, potentially gaining unauthorized access to privileged APIs.
    • CVE-2025-11700: N-able N-central vulnerability that allows unauthenticated attackers to read sensitive files via XML External Entity (XXE) injection.
  • SCCM Takeover 2: New weakness added for SCCM-related misconfiguration leading to takeover.
  • LAPS Password Exposure: New weakness added for misconfigurations leading to exposure of Local Administrator Password Solution (LAPS) passwords.
  • First Windows Privilege Escalation: New attack path focusing on initial Windows privilege escalation.
  • FortiWeb (CVE-2025-64446): A zero-day vulnerability that allows unauthenticated attackers to execute arbitrary code on affected appliances due to improper input validation, enabling full system compromise.
  • Gladinet Triofox (CVE-2025-12480): An Improper Access Control vulnerability that allows unauthorized users to access or modify restricted files and settings, potentially leading to data exposure or system misuse.
  • Monsta (CVE-2025-34299): A zero-day vulnerability that can allow unauthenticated attackers to exploit the system, potentially leading to partial data exposure or targeted compromise.

Platform Performance & Stability

  • External Asset Discovery Optimization: Asset discovery calculations have been moved to the database layer, leading to an 85% reduction in result set size and significantly faster query times for clients with large asset groups.
  • ETL Configuration: Implemented automatic massive ETL triggering for asset jobs when size estimates exceed defined thresholds, which prevents workflow failures during large-scale operations.
  • PDF Reporting Timeout: Resolved a critical issue that caused PDF pentest reports to time out during generation.

Bug Fixes

  • Double Dash Domain Support: Fixed a bug to allow support for domains containing double dashes (e.g., client--corp.com).
  • Asset Matching: Fixed a bug where hosts with the same primary IP but different ephemeral secondary IPs failed to match across operations.
  • White Labeling: Resolved a cascading bug that prevented MSP parent accounts from properly applying feature toggles (Tripwires, Rapid Response, Insights) to subclients, and fixed a bug preventing white label logos from displaying correctly on the dashboard.
  • Read Only User Banner: Fixed an issue where the Read Only banner was missing for users with read-only roles.
  • Scheduled Actions: Fixed a bug to enable pause/resume capabilities for automating pentest schedules.
  • H3 Sample Account: Fixed security and usability issues by hiding the Grant Access and Revoke Access buttons, preventing users from inadvertently revoking their own access.