
Happy New Year, ProjectDiscovery community - we hope you’ve had a great start to 2025 so far! 🎆 🥂
Team PD has been hard at work with releases and fixes, and as always, we aim to round up the best of the latest updates in newsletter form.
In between all of this, our AppSec Researcher Dhiyaneshwaran Balasubramaniam held an informative session at Hack The Box Mumbai’s monthly meetup this January, covering the essentials of ‘Getting Started with Nuclei DAST and Global Templates’.
Alongside our regular updates, we’re excited to announce that we’re fast approaching 100,000 GitHub ⭐ ! Thank you so much to all of our contributors, new and long-standing, for lending your knowledge and expertise to our tools and templates.
We’re also highlighting our recent live workshop with Rotem Reiss of Playtika, and our own Rishiraj Sharma, which you can now catch on-demand. If you’re curious to know their approach to agile workflows and the steps they take to get devs to care about security, be sure to check out the link later in the newsletter.
We’d love to see you on GitHub and Discord, where our team and other members are always available to answer questions or strike up a discussion. Don’t hesitate to dive in; our community doors are always open!
In the news
Other exciting updates this release include CVEs addressing vulnerabilities related to remote code execution in WP Query Console, arbitrary file reading on Ivanti Avalanche SmartDeviceServer, and authentication bypass in Really Simple Security.
Events

Are you curious to learn how Playtika’s security pros stay ahead of threats and how they built their appsec program from scratch? In this on-demand workshop, Rotem Reiss (Playtika) and Rishiraj Sharma (ProjectDiscovery) share how they integrate security into agile workflows, prioritize risks over rigid DevSecOps, and get devs to care about security.
We're going to be doing more live events, so be sure to stay tuned to Discord and our announcement emails.
Community Videos
We’re continuing to highlight some of the multimedia creations of our very own ProjectDiscovery community! You can find a full collection of videos in our Discord channel - but for now, here are some of the highlights.
pentestTV highlights Nuclei as a bug bounty tool for hackers
Watch the video
A quick introduction to Nuclei from Revolution InfoSec
Watch the video
Highlights
How did Gal Nagli find a critical vulnerability in DeepSeek AI? ProjectDiscovery tools, of course!
Read the post
ProjectDiscovery supports Happy Hacking Space - supporting collaboration, curiosity, and creativity.
Read more
Contributors to ProjectDiscovery receive stickers for their efforts.
Read more
One of the hackathon projects featured at Nebula Fog Prime leveraged the power of naabu!
Check it out
Coffinxp provides a great write-up on how to use Nuclei’s custom templates to find vulnerabilities and earn bounties.
Read the article
Keep up to date with our weekly tips and tricks videos over on the ProjectDiscovery YouTube channel.
Watch here
Nuclei Templates
January stats
We’ve started the new year with some amazing contributions to Nuclei templates - 52 new templates were added with the v10.1.2 release, with the help of 14 first-time contributors and 23 newly-added CVEs!
Some highlights worth noting in this release relate to SimpleHelp remote support software v5.5.7, which is vulnerable to multiple path traversal issues. We’ve also addressed issues with Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996, where, due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code.
False negatives were addressed in missing-sri and in kong-detect, which was missing valid Kong endpoints, and we’ve included some enhancements for crxde-lite.yaml, google-client-id.yaml, mfa-console-password-disabled.yaml and more.
Huge thanks to our contributors on all of these releases - @iuliu8899, @lvyaoting, @3th1cyuk1, @securing.pl, @s4e-io, @james, @king-alexander, @denandz, @PulseSecurity.co.nz, @Splint3r7, @EunJi, @righettod, @johnk3r, @pdp, @geeknik, @hetyh, @Nadino, @Yablargo, @davidfegyver, @pathtaga, and @laluka.
And, congratulations to our first-time contributors: @p-l-, @Hazegard, @mielverkerken, @HappyStoic, @soonghee2, @hackerbuddy, @v1stra, @alas1n, @babariviere, @seqre, @jackhax, @ItshMoh, @malwarework, @JasonnnW3000, @WingBy-Fkalis, @SuperXiaoxiong, @hyni03, @kayra-s4e, @newlinesec, @bobAKAbill, @amarsct, @JohnAsbjorn, and @Mahmoud0x00.
Join our community
Our diverse community spans members from full-time bug bounty hunters to Fortune 500 security engineers. Let's go!
Thanks,
The ProjectDiscovery Team
If you have any feedback or ideas for our Community Newsletter, please share them by filling out this form. You can provide links or suggestions for content that you would like to see in the newsletter.