Featured Stories

The Coverage Lie: Why Current Vulnerability Scanners Fail to Stop Breaches

First-generation scanners drown teams in noise. Only 6% of CVEs are ever exploited, yet attackers weaponize them in hours. ProjectDiscovery, the RSA Sandbox winner, delivers runtime validation and detections within hours so you can act fast, cut false positives, and close real risk.

Authentication Bypass to RCE in Versa Concerto

Introduction Versa Concerto is a widely used network security and SD-WAN orchestration platform, designed to provide seamless policy management, analytics, and automation for enterprises. With a growing customer base that includes large enterprises, service providers, and government entities, the security of this platform is critical. Given its extensive adoption and potential exposure to external threats, we initiated research to assess its security posture and uncover possible vulnerabilities

Vulnerability Research

CVE-2025-4427/4428 : Ivanti EPMM Remote Code Execution - Technical Analysis

Introduction As security researchers, we all know that familiar dance when blackbox testing web apps and APIs. You poke an endpoint, get hit with "blah parameter is missing" or "blah is of the wrong type," and after satisfying every requirement, you're often met with the frustrating 401 or 403. That feeling of being so close, yet so far, is something we've all experienced. However, in a recent analysis of Ivanti EPMM's CVE-2025-4427 and CVE-2025-4428 , this very flow of execution – validation

Vulnerability Research

Solving Vulnerability Management: ProjectDiscovery’s RSA Innovation Sandbox Win

Last week, ProjectDiscovery took home the title of Most Innovative Startup at the 2025 RSA Innovation Sandbox, the biggest stage in the world for security innovation. While much of this year’s buzz centered on securing AI, our win was a powerful signal: even as new frontiers emerge, foundational problems like vulnerability management remain unsolved. Security leaders are still spending millions on tools that generate noise instead of insight, and the industry is ready for a better way. Our COO,

Announcements

Vulnerability Research

Related stories

View all

Authentication Bypass to RCE in Versa Concerto

Vulnerability Research

CVE-2025-4427/4428 : Ivanti EPMM Remote Code Execution - Technical Analysis

Vulnerability Research

CrushFTP Authentication Bypass - CVE-2025-2825

Update (April 21, 2025): The CVE originally referenced in this blog post CVE-2025-2825 has been rejected by NIST. The vulnerability is now officially tracked as CVE-2025-31161. All technical details and the impact discussed in this post remain accurate and apply to the updated CVE. This change is also reflected in the corresponding Nuclei template update. Enterprise file transfer solutions are critical infrastructure for many organizations, facilitating secure data exchange between systems and

Vulnerability Research

Nuclei & Nuclei Template

Related stories

View all

Nuclei Templates Monthly - May 2025

Discover the highlights from Nuclei Templates v10.2.1 and v10.2.2 releases: 106 new templates, 57 CVEs covered (including 10 actively exploited KEVs), first-time contributions, a new template bounty program, and key improvements to reduce false positives and negatives.

Nuclei & Templates

GCP Cloud Configuration Review Templates - Nuclei Templates v10.2.0 🎉

We’re excited to tell you about Nuclei Templates release v10.2.0! This new version includes newly added GCP Config Review templates. In this blog post, we’ll discuss automating Google Cloud misconfiguration review, creating custom GCP checks, and sharing results on the PDCP Cloud for review. Following our last release on Azure Cloud Security Config Review and Kubernetes Cluster Security, we decided to expand our coverage to include GCP as well. GCP is well-known for its powerful features and v

Nuclei & Templates

Effortless Passive Detection Using Global Matchers in Nuclei

If you've ever found yourself repeatedly setting up the same matchers in multiple Nuclei templates, it's time to break free from that cycle. Meet global matchers, a killer feature in Nuclei that simplifies your detection workflow. Imagine having a single template that automatically hunts for specific patterns (like private keys, sensitive tokens, or webhooks) across every HTTP response from all your other templates. That's what global matchers do — and they do it effortlessly. In this post, we

Nuclei & Templates

Vulnerability Management

Related stories

View all

The Coverage Lie: Why Current Vulnerability Scanners Fail to Stop Breaches

Vulnerability Management

Advancing Asset Management - PDCP v0.8.9

We're excited to announce the release of version 0.8.9 of the ProjectDiscovery Cloud Platform. This update introduces significant enhancements to our asset management capabilities, focusing on asset inventory, AI-powered search, and improved user experience. Key Features in v0.8.9 Asset Inventory and Technologies The new interface for cataloging and organizing all assets along with their associated technologies in one place represents a significant advancement in asset management. Now, rega

Vulnerability Management

Enhancing Asset Discovery: ProjectDiscovery Cloud Platform (v0.8.8)

We're excited to announce the release of version 0.8.8 of the ProjectDiscovery Cloud Platform. This update brings significant enhancements to our asset discovery capabilities, introduces new features for Basic Tier (Free) users, and resolves several critical issues. Our primary focus remains on improving the visibility and analysis of discovered assets and refining the insights available to our users. Empowering Basic Tier (Free) Users Our mission at ProjectDiscovery is to make advanced secur

Vulnerability Management

Customer Stories

Related stories

View all

Securing the distributed perimeter: How Elastic scaled proactive detection with ProjectDiscovery Cloud

Before going all-in on ProjectDiscovery Cloud, Elastic had already embraced Nuclei, the open-source vulnerability scanner built for customization and speed, along with other ProjectDiscovery tools like naabu and httpx.

Case Studies

How ConnectWise streamlined vulnerability detection with ProjectDiscovery

ConnectWise chose ProjectDiscovery over Tenable Cloud to streamline vulnerability detection across 20,000+ AWS instances. By leveraging ProjectDiscovery’s automation and scalability, they achieved efficient, high-volume security monitoring without operational overhead.

Case Studies

How Paddle Strengthened Its Security Posture with ProjectDiscovery

Modern SaaS companies like Paddle face growing security challenges as their platforms expand. To gain full visibility into their attack surface and automate vulnerability detection, Paddle adopted ProjectDiscovery, an open-source security platform that streamlined their security operations.

Case Studies

Educational Stories

Related stories

View all

Bug Bounty Etiquette: Our Guide to Polite Hacking (Part Two)

This is the second part of our series on bug bounty etiquette. Part one looks at what you should be doing. Last month we talked about bug bounty etiquette and how to be a good bug bounty hunter; not in the sense of finding more bugs, but rather in how to be the kind of bug bounty hunter people want to work with. This time, we have some advice about what NOT to while bug bounty hunting. Let's get started. 1. Don’t go all out 2. Don’t ignore the rules 3. Don’t report unnecessary stuff 4. Do

Learning & Automation

Bug Bounty Etiquette: More than Ethical Hacking (part one)

This is part one of our two-part series on polite hacking, focusing on what to do. Part two talks about what not to do (link coming soon). This blog is not about techniques. It’s not about tools to use, how to find the vulnerability, or anything like that. There are plenty of those out there. It’s much more like an etiquette guide for Bug Bounty reporting, and how working within these social norms can lead to better outcomes for you in your career! Think of it like a cotillion class, or the fa

Learning & Automation

Getting Started with ProjectDiscovery in Linux and Windows

"Just for you, we’ve got this brand new blog all about getting started with ProjectDiscovery on Linux AND Windows."

Learning & Automation

Company Announcements

Related stories

View all

ProjectDiscovery v1.3: New navigation, dashboard, and improvements

We're excited to announce ProjectDiscovery v1.3.0, a significant milestone that transforms how security teams discover, analyze, and respond to vulnerabilities across their attack surface. These improvements represent months of engineering effort informed by our community's feedback and real-world deployment scenarios. We can’t wait for security teams to get their hands on v1.3.0 and put these new capabilities to work in their own environments. Redesigned for Speed and Clarity The new v1.3.0

Announcements