Fortra Intelligence and Research Experts (FIRE) have conducted a detailed analysis of RedSun, the latest proof-of-concept by "Chaotic Eclipse", the same researcher responsible for disclosing BlueHammer. Published in April 2026, RedSun is related to BlueHammer both in origin and technique, abusing Microsoft Defender logic and filesystem timing/path confusion to achieve privilege escalation...

Fortra Intelligence and Research Experts (FIRE) have conducted a deep technical analysis of BlueHammer, a highly sophisticated Windows zero-day exploit chain that achieves Local Privilege Escalation (LPE) to NT AUTHORITY\SYSTEM. To help security teams better navigate the advanced threat landscape, we are sharing this technical deep dive into how the exploit operates and how to defend against it...

Today’s cybercriminals prefer an easy entrance just as much as a sophisticated exploit. And most often, that’s where they start. Here is a list of seven overlooked attack vectors in which a serious threat could pop up, enter the network, and do serious damage. Remember: While many enterprise cybersecurity approaches are shooting high, a larger number of cybercriminals are “looking low.”1. Printers...

For anyone who’s been in cybersecurity for even the past five years, the trends are as unprecedented as they are obvious; attacks are now more sophisticated, subtle, and scalable than ever before. Cybercriminals use AI to automatically find vulnerabilities, the mean time-to-exploit has now dropped to only 5 days (down from 32), and there is little to stop spray-and-pray campaigners from...

Technical debt can have cybersecurity consequences. Even teams that feel they know exactly what needs fixing are often surprised at what a team of outside hackers can do – as they so often are during a breach.So how can you determine what’s emergency-worthy technical debt? Your backlog might not show it, but your pen test will.Technical Debt as Attack SurfaceIt’s difficult, if not impossible, to...

Empty grocery shelves can be caused by natural disasters, wars, and trade embargoes, as we’ve seen in recent years. But they can also be the result of successful cyberattacks, which could be more preventable than the other three agents of chaos. Whether a company sells computer chips or potato chips, if the logistics of production, distribution, or sale are disrupted, shelves will remain empty...

With the U.S. Securities and Exchange Commission’s (SEC) new cybersecurity disclosure rules in full effect as of December 2023, public companies — and even the vendors that support them — are now under unprecedented pressure to not only report material cyber incidents within four business days but also demonstrate robust, actionable cybersecurity plans. This is pushing offensive security (OffSec)...

On March 6, 2024, Zach Hanley from Horizon3.ai wrote a blog post about reproducing CVE-2024-1403 using an authentication bypass in Progress OpenEdge.In the blog post, he explained the architecture behind OpenEdge and all the technical information related to the CVE-2024-1403 vulnerability. In the same blog post, he also posted a proof of concept (POC) to exploit the vulnerability. However, as this...