Select Page

Ideas, Answers, and Perspectives

The Hillstone Blog

Threat Research Featured Article

June 19, 2024

Breaking the Mold: Halting a Hacker’s Code ep. 22 – China Telecom Gateway Configuration Management Backend ipping.php Remote Code Execution Vulnerability

China Telecom Group Limited is a large telecommunications company in China. In May 2024, a critical security vulnerability was discovered in the China Telecom Gateway Configuration Management Backend, which allows malicious actors to...
Threat Research

Previous Articles

March 8, 2024

Breaking the Mold: Halting a Hacker’s Code ep. 21 – RCE CVEs 2023
Technology + Industry Threat Research
November 29, 2023

Breaking the Mold: Halting a Hacker’s Code ep. 20 – Apache ActiveMQ Remote Code Execution Vulnerability
Threat Research
November 22, 2023

Breaking the Mold: Halting a Hacker’s Code ep. 19 – A New Ransomware Variant Named ‘Retch’
Threat Research
October 26, 2023

Breaking the Mold: Halting a Hacker’s Code ep. 18 – Cacti Unauthenticated SQL Injection Vulnerability
Threat Research
September 5, 2023

Breaking the Mold: Halting a Hacker’s Code ep. 17 – Apache RocketMQ 5.1.0 Remote Code Execution Vulnerability
Threat Research
August 7, 2023

Breaking the Mold: Halting a Hacker’s Code ep. 16 – Microsoft SharePoint Server Elevation of Privilege Vulnerability
Threat Research
July 9, 2023

Breaking the Mold: Halting a Hacker’s Code ep. 15 – Weaver E-cology9 ofsLogin.jsp Arbitrary User Login
Threat Research
June 8, 2023

Breaking the Mold: Halting a Hacker’s Code ep. 14 – BlackBit
Threat Research
May 29, 2023

Breaking the Mold: Halting a Hacker’s Code ep. 13 – Cinoshi Stealer
Threat Research
April 24, 2023

How Our New National Strategy Impacts Application Protection
Technology + Industry Threat Research
April 2, 2023

Breaking the Mold: Halting a Hacker’s Code ep. 12 – Alibaba Nacos Authentication Bypass
Threat Research
March 16, 2023

Breaking the Mold: Halting a Hacker’s Code ep. 11 – Kafka Connect JNDI Injection
Threat Research
February 19, 2023

Breaking the Mold: Halting a Hacker’s Code ep. 10 – Massive ESXiArgs Ransomware Attacks
Threat Research
February 8, 2023

Breaking the Mold: Halting a Hacker’s Code ep. 9 – XStream Stack Overflow Denial of Service Vulnerability
Threat Research
December 5, 2022

Breaking the Mold: Halting a Hacker’s Code ep. 8 – Temp Stealer
Threat Research
October 31, 2022

Breaking the Mold: Halting a Hacker’s Code ep. 7 – Text4shell
Threat Research
October 20, 2022

Breaking the Mold: Halting a Hacker’s Code ep. 6 – Worok
Threat Research
September 6, 2022

Breaking the Mold Halting a Hacker’s Code ep. 5 –Apache Spark Shell Command Injection Vulnerability
Threat Research
August 5, 2022

Breaking the Mold: Halting a Hacker’s Code ep. 4 – Black Basta
Threat Research
July 31, 2022

Breaking the Mold: Halting a Hacker’s Code ep. 3
Threat Research
July 17, 2022

Breaking the Mold: Halting a Hacker’s Code ep. 2 – F5 BIG-IP
Threat Research
April 19, 2022

Breaking the Mold: Halting a Hacker’s Code ep. 1
Threat Research
April 6, 2022

Hillstone Offers Protection for Spring Framework RCE Vulnerability
Threat Research
February 14, 2022

Hillstone Networks Included on MSRC Global Security Researcher List
Threat Research
Large-scale intrusion caused by Log4j2 vulnerability.
December 13, 2021

Large-scale intrusion caused by Log4j2 vulnerability
Threat Research
Microsoft acknowledges Hillstone Security Research Team
October 20, 2021

Kudos to the Hillstone Security Research Team for Being Acknowledge by Microsoft for Vulnerability Discovery
Threat Research
Microsoft acknowledges Hillstone Security Research Team
July 21, 2021

Microsoft Acknowledges Hillstone Security Research Team Once More for the Discovery of an Important Vulnerability
Threat Research
protecting-exchange-servers-040421
March 24, 2021

Protecting Exchange Servers from Recent Vulnerabilities
Threat Research
hillstone-defends-fireeye-010121
December 30, 2020

Hillstone Defends Against Leaked FireEye’s Red Team Tool
Threat Research
August 6, 2020

Apple Officially Expresses Gratitude to the Hillstone Security Research Team for Detecting a Vulnerability in Apple iOS and iPadOS
Threat Research
June 10, 2020

Vulnerability: Windows Kernel Privilege Escalation Vulnerability Found by Hillstone Networks
Threat Research
vulnerability notification
March 20, 2020

Vulnerability Notification and Hillstone Networks Solution: SMBv3 Protocol Remote Code Execution
Threat Research
microsoft-directx-031120
March 11, 2020

Microsoft DirectX Elevation of Privilege Vulnerability Found by Hillstone Networks
Threat Research
February 22, 2020

Vulnerability Notification: Apache Tomcat File Inclusion Vulnerability
Threat Research
August 16, 2019

Vulnerability Notification: Windows RDP Remote Desktop Services Remote Code Execution
Threat Research
May 24, 2019

Vulnerability Notification: Remote Desktop Services Remote Code Execution
Threat Research
March 1, 2019

Vulnerability Notification: Apache Subversion mod_dav_svn Denial of Service
Threat Research
December 26, 2018

Vulnerability Notification: Microsoft Office Remote Code Execution
Threat Research
November 26, 2018

A ransomware variant is spreading – Hillstone has established a solid shield!
Threat Research
November 11, 2018

Vulnerability Notification: Oracle WebLogic Server RemoteObject Insecure Deserialization
Threat Research
October 24, 2018

Vulnerability Notification: Zoho ManageEngine OpManager oputilsServlet Authentication Bypass
Threat Research
October 8, 2018

Vulnerability Notification: Red Hat 389 Directory Server nsslapd ldapsearch Buffer Overflow
Threat Research
September 20, 2018

Vulnerability Notification: Apache Struts 2 namespace Expression Language Injection
Threat Research
September 5, 2018

Vulnerability Notification: Mining Trojans
Threat Research
August 22, 2018

Vulnerability Notification: Jenkins CI Server getOrCreate Policy Bypass
Threat Research
August 6, 2018

Vulnerability Notification: Oracle WebLogic Server Activator Insecure Deserialization
Threat Research
July 24, 2018

Vulnerability Notification: Asterisk PJSIP Endpoint Presence Disclosure
Threat Research
July 10, 2018

Vulnerability Notification: Adobe ColdFusion DataServicesCFProxy ROME Framework Insecure Deserialization
Threat Research
June 22, 2018

Vulnerability Notification: Microsoft Office Graph Chart Out-Of-Bounds Write
Threat Research
June 13, 2018

Vulnerability Notification: Oracle WebLogic Server deserialization
Threat Research
June 2, 2018

Vulnerability Notification: Apache HTTP Server Denial of Service
Threat Research
May 14, 2018

Electron Vulnerability Notification: Electron setAsDefaultProtocolClient Command Injection
Threat Research
April 25, 2018

Vulnerability Notification: Samba LDAP AD DC Privilege Escalation
Threat Research
April 9, 2018

Vulnerability Notification: Microsoft Windows Shell Zip File Remote Code Execution
Threat Research
March 26, 2018

Vulnerability Notification: Cisco Adaptive Security Appliance Webvpn XML Parser Double Free
Threat Research
February 8, 2018

Vulnerability Notification: Adobe ColdFusion Deserialization
Threat Research
January 19, 2018

Vulnerability Notification: Oracle WebLogic Server XmlAdapter Deserialization
Threat Research
January 7, 2018

Statement on Vulnerability: Hillstone Networks does not use Intel Processors in its NGFW
Threat Research