Detectify

🚨Security Update on CVE-2025-64446 - FortiWeb authentication bypass that leads to complete WAF control. Learn how the impersonation flaw works and what steps to take now. https://t.co/uiUH7KbjZU

We're now integrating real-world threat data into our AI Researcher Alfred to prioritize and generate protection against the most active CVEs, boosting security speed and relevance for all Detectify customers: https://t.co/Wi95MidM8W

With the new API Scanner, customers gain access to dynamic payloads that make every scan different. Instead of relying on static methods, the scanner uses ML to randomize and rotate payloads for each run, ensuring fresh attack simulations every time:

Methods and tools (from DNS records and IP addresses to HTTP analysis and HTML content) that practitioners can use to classify every web app and asset in their attack surface. https://t.co/8Qi7HIgUyR

We know it is hard to ensure all essential web apps are covered with deep DAST. Which of your dozens or hundreds of web apps actually need deep testing? Which are processing user data or even have many components that attackers would target? https://t.co/02UEVgLYyB

Detectify Surface Monitoring customers can test whether they have exposed ingress NGINX admission, which enables the exploit chain for IngressNightmare (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974) https://t.co/1x9dwVVSdN

DNS is a critical attack surface very often overlooked. Security risks exist at every level (Root, TLDs, Registrars, Providers, Zones, Software Queries). Are you protecting all levels? https://t.co/hn3tgXPU5K

Detectify launches Alfred to automate CVE security testing with AI https://t.co/niezC88crm