See what we're thinking about, working on, & blogging about.

Explore the latest insights, ideas, & opinions from our talented team of experts & researchers.

One Asset, Many Risks: Prioritizing the Stack Instead of the CVEs runZero Insights

runZero surfaces stacked, asset-level risks—like misconfigurations, EOL software, and weak segmentation—that traditional vulnerability scanners overlook when prioritizing by CVE score alone.

Subscribe Now

Get our latest Rapid Responses, insights, and blogs delivered directly to your inbox.

Welcome to the club! Your subscription to our newsletter is successful.

Rapid Response
How to find Craft CMS on your network
April 28, 2025
Two zero-day vulnerabilities impacting Craft CMS are being actively exploited. Here's how to find Craft CMS on your networks with runZero.
runZero Insights
Only Four Shopping Days Left Until RSAC!
April 24, 2025
In which Tod assures his fellow nerds that RSA Conference isn’t just for marketing hypesters.
Rapid Response
How to find ASUS AiCloud routers on your network
April 21, 2025
ASUS has disclosed a 'highly critical' vulnerability in several of its router models using its "AiCloud" functionality. Here's how to find impacted...
Rapid Response
How to find Erlang/OTP SSH servers on your network
April 17, 2025
Some versions of the Erlang/OTP embedded SSH server contain a highly critical vulnerability (CVE-2025-32433) in their handling of SSH protocol...
runZero Insights
CVE Marches On
April 16, 2025
On April 15, 2025, the CVE program faced sudden shutdown fears — but CISA stepped in with last-minute funding. Crisis averted, for now.
Rapid Response
How to find Lantronix Xport devices on your network
April 16, 2025
On April 15, 2025, CISA published an advisory announcing that certain versions of the Lantronix Xport products are vulnerable to an authentication...
Rapid Response
How to find CrushFTP services
April 14, 2025
CrushFTP disclosed that a vulnerability in their file transfer product allows an unauthenticated remote attacker to bypass authentication on some...
runZero Insights
VulnCon 2025 Wrapup
April 14, 2025
Last week, I got to see friends, enjoy Carolina barbecue, and hang out with super smart, fun people. VulnCon has turned out to be one of the most...
Rapid Response
How to find Gladinet CentreStack installations in your network
April 10, 2025
A vulnerability in Gladinet's CentreStack collaboration product could allow an attacker to execute arbitrary code on vulnerable systems. Here's how...
Rapid Response
How to find Adobe ColdFusion installations on your network
April 8, 2025
Adobe disclosed multiple vulnerabilities in their ColdFusion rapid application development product that could allow an attacker to execute...
Rapid Response
How to find Fortinet FortiSwitch assets on your network
April 8, 2025
Fortinet has issued an advisory for its Fortinet FortiSwitch product. This vuln has been assigned CVSS score of 9.3 (extremely critical).
runZero Insights
Sound & Fury: Revisiting Apache Tomcat & next.js
April 4, 2025
A reflection on recent high-profile vulnerabilities in next.js and Apache Tomcat just before VulnCon 2025, and why even with high scores and PoCs,...

Discover the new era of exposure management!