-

4 min read

April 2025 Newsletter

April 2025 Newsletter

🌷April showers haven’t got us down this month - in fact the PD team has been pouring time and hard work into another round of updates and features for our tools!

Read on for this month’s run down of community news, highlights from social, and a couple of exciting announcements.

🎉Our major highlight this month - we’ve just won Most Innovative Startup in RSAC’s Innovation Sandbox!

📢 We're also excited to announce the addition of templates for Google Cloud Platform (GCP) configurations to our Nuclei Templates roster, crafted with a whole host of GCP service checks in mind.

👀 Don't forget to explore the latest blog posts over on ProjectDiscovery’s website for even more insights and updates.

As always, catch up with us on GitHub or join us on Discord. See you there!

In the news

ProjectDiscovery wins Most Innovative Startup at RSAC Innovation Sandbox 2025!

🚀 Hot off the press, ProjectDiscovery scooped the award for Most Innovative Startup late this month, after presenting our pitch over at RSAC 2025.

💫 We couldn’t even dream of reaching these heights without the community by our side, helping us innovate and sharing in our belief that open-source has the power to change security. We’re sharing our joy and pride in this award with you all, and we can’t wait to see how we can keep pushing boundaries!

Events

👾 Recon Village is back for DEF CON 33 this year! The call for papers is now open, and you have until June 15th to submit!
Learn more

The call for papers for BSides Las Vegas has also reopened! If you’re interested, be sure to submit before May 9th to be considered.
Learn more

Community Videos

Check out our new video on the features of ProjectDiscovery v1.2, including our new Template Editor!
Watch the video

Missed our latest Tips and Tricks videos? You can find them right here in our playlist! 
Watch the video

Highlights

The PDNuclei Bot is now active! You can find our account over on Twitter/X, where a new update is created every time a new CVE is added to the Nuclei Templates repository - making it even easier for you to stay updated with the latest security vulnerabilities and CVEs. 
Check it out

IngressNightmare CVEs have been trending, and this month we’ve updated our own coverage. You can check out some of the newly-added vulnerabilities over on Twitter/X.
Read the post

Nuclei Templates

April stats

Two more Nuclei templates updates were released into the world this month, with both v10.1.7 and v10.2.0 bringing some exciting new highlights. To add the cherry on top, between both of these releases we’ve had a huge 332 new templates added, 10 first-time contributors, and 39 new CVEs!

Top of our list is our expansion in v10.2.0 to include templates for Google Cloud Platform (GCP) configurations. These templates are specifically crafted with a whole host of checks for GCP services, including Compute Engine, GKE clusters, Cloud Storage buckets, BigQuery datasets, and many more - allowing security teams to conduct thorough security audits of their GCP environments, uncovering critical misconfigurations and vulnerabilities.

Alongside this major upgrade are several critical new additions, including CVEs covering PHP Object Injection in UNA CMS 14.0.0-RC, Unauthorized Remote Code Execution in Langflow AI, and Authentication Bypass in Apache Pinot < 1.3.0.

Some false negatives and positives were addressed, including Improved detection in halo-tism-sqli.yaml and reduced false positives in hashicorp-consul-unauth.yaml, and we were able to fix a metadata resolution issue in ldap-metadata.yaml.

And, congratulations to our first-time contributors: @Th3l0newolf, @AyushXtha, @tuo4n8, @PareshParmar, @micktaiwan, @passkal4, @abhishekrautela, @darses, @matusso and @whattheslime.

Join our community

Our diverse community spans members from full-time bug bounty hunters to Fortune 500 security engineers. Let's go!

Thanks,
The ProjectDiscovery Team

If you have any feedback or ideas for our Community Newsletter, please share them by filling out this form. You can provide links or suggestions for content that you would like to see in the newsletter.

Subscribe to our newsletter