Netlas v1.6 is out
Private Scanner now supports "Scan all ports": non-intrusive scans across 65,536 TCP ports.
Added CWMP protocol support.
⚠️ Breaking change: updated Discovery API response format for groups.
Details at https://docs.netlas.io/changelog/
docs.netlas.io
Changelog - Netlas Docs
Explore the latest updates, enhancements, and fixes on the Netlas platform. Stay informed with our Changelog for all product and feature developments.
Netlas Legal Update
We've revised the Netlas Terms & Conditions and API & Data License Agreement.
The updated terms take effect on March 6, 2026.
Details: https://netlas.io/blog/terms_updated/
netlas.io
Netlas Updates Terms and API & Data License Agreement - Netlas Blog
Netlas has updated its Terms & Conditions and API & Data License Agreement, with the changes taking effect on March 6, 2026.
Netlas and Uncover
The article has been updated. All commands were reviewed and tested.
👉🏼 Read the guide:
https://netlas.io/blog/netlas_and_uncover/
netlas.io
Using Uncover with Netlas.io module - Netlas Blog
Instructions for using the Netlas module integrated into Uncover from ProjectDiscovery
Ever wondered how professional threat intelligence feeds are actually built?
Our partners at RST Cloud pull back the curtain on their approach to threat hunting, revealing how they identify, track, and expand command-and-control (C2) infrastructure at scale.
Inside the post:
• How RST Cloud discovers malicious infrastructure in the wild
• Techniques for linking isolated IoCs into meaningful threat clusters
• The methodology behind building reliable, high-quality threat intelligence feeds
• How Netlas data helps enrich and accelerate investigations
This is a rare look into the real workflows behind modern threat intelligence, straight from a team doing it every day.
5 min read
https://netlas.io/blog/Ρ2_hunting_by_rst_cloud/
netlas.io
How we hunt C2 infrastructure at RST Cloud using Netlas - Netlas Blog
RST Cloud's C2 hunting workflow with Netlas: use JARM, HTTP headers, certificates, and domain pivots to detect active malicious infrastructure early.
CVE-2026-3429, CVE-2026-4636 and others in Keycloak.
Several vulnerabilities in Keycloak allow attackers to bypass MFA, steal access tokens, and access confidential user data.
Search at Netlas.io:
Link: https://nt.ls/Ooqi1
Dork: http.favicon.hash_sha256:47dcf1f1a8f1afd68297a294a263849069a7a62b2e86550241416c2cc56c5676
Vendor's advisory: https://www.keycloak.org/2026/04/keycloak-2657-released
CVE-2026-0740: Vulnerability in Ninja Forms WordPress plugin, 9.8 rating
The vulnerability allows unauthenticated attackers to upload arbitrary files to a vulnerable site and achieve remote code execution.
Search at Netlas.io:
Link: https://nt.ls/rkM7h
Dork: http.body:"plugins/ninja-forms"
Read more: https://www.wordfence.com/blog/2026/04/50000-wordpress-sites-affected-by-arbitrary-file-upload-vulnerability-in-ninja-forms-file-upload-wordpress-plugin/
How to Find Unprotected Databases - Chapter 2
A Netlas beginner's guide, now republished on our blog (moved from Medium). Reviewed and updated.
5 min read
https://netlas.io/blog/how_to_find_unprotected_databases_chapter_2/
netlas.io
How to find unprotected databases with Netlas.io: Chapter 2 - Netlas Blog
Continue to study the importance of database security using the examples of Netlas searches. This time you'll even see hacked databases!
CVE-2026-4112 and others: SQL injection and TOTP vulnerabilities in SonicWall SMA 1000 Series, up to 7.2 rating
The most severe vulnerability (SQL injection) allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.
Search at Netlas.io:
Link: https://nt.ls/mzseI
Dork: http.favicon.hash_sha256:6bb6f64adaa6a7ed4da10a2fe4edf4cb4d9914aa742c7ad607ca4ca678dcd3f1 OR certificate.subject_dn:"HTTPS Management Certificate for SonicWALL (self-signed)"
Vendor's advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003
CVE-2026-5173, CVE-2026-1092, CVE-2025-12664 and others: Vulnerabilities in GitLab CE and EE, up to 8.5 rating 🔥
Several vulnerabilities in GitLab could compromise code integrity and allow an unauthenticated user to cause denial of service.
Search at Netlas.io:
Link: https://nt.ls/QGxUF
Dork: http.title:"GitLab" OR http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef
Vendor's advisory: https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/
CVE-2026-40175: Unrestricted Cloud Metadata Exfiltration in Axios, 10.0 rating 😱
A critical security vulnerability in Axios allows prototype pollution in any third-party dependency to be escalated into RCE or Full Cloud Compromise. PoC is now available!
Search at Netlas.io:
Link: https://nt.ls/i7rT8
Dork: tag.name:"axios"
Read more:
https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx
CVE-2026-32201: Microsoft SharePoint Server Spoofing Vulnerability, 6.5 rating
Improper input validation in Microsoft SharePoint Server allows an unauthorized attacker to perform spoofing over a network and view sensitive internal data or make unauthorized changes. This vulnerability is already being actively exploited in the wild!
Search at Netlas.io:
Link: https://nt.ls/DjQpd
Dork: http.headers.microsoftsharepointteamservices:*
Dork (MS subdomains filtered): http.headers.microsoftsharepointteamservices:* !host:*.sharepoint.com
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201
🤖 Abuse of Telegram Bot API
Exploring how attackers misuse Telegram bots in real-world campaigns.
• Learn how attackers use Telegram for C2, telemetry, and data exfiltration
• See detailed case studies with real IOCs
• Understand stable detection patterns that work beyond hashes and domains
⏱️ 15 min read
👉🏼 Read the post:
https://netlas.io/blog/abuse_of_telegram_bot_api/
netlas.io
Telegram Bot API Abuse - Netlas Blog
How threat actors abuse Telegram Bot API for phishing, telemetry, and malware delivery. Hunting techniques and case studies.
CVE-2026-40530, CVE-2026-4036, and others: Vulnerabilities in Synology DSM, up to 8.0 rating 🔥
Several vulnerabilities in Synology DiskStation Manager (DSM) allow a remote authenticated attacker to read or write files, conduct denial-of-service attacks, and obtain information, including arbitrary sharing files.
Search at Netlas.io:
Link: https://nt.ls/Ap4pz
Dork: http.favicon.hash_sha256:b8f4bb2e2ba81cb86875fb89db4571278d6e23fd888313d0f4152b1adbc8bd08
Vendor's advisory: https://www.synology.com/en-us/security/advisory/Synology_SA_26_06
Netlas v1.7 is out
Private Scanner Reports: summarized scan results for quick review and comparison.
🧩 Datasets now use NDJSON/JSONL format, easier to stream from archives.
Improved discovery & mapping UI, mobile experience, and host view.
Details at https://docs.netlas.io/changelog/
CVE-2026-33557 and CVE-2026-33558: Vulnerabilities in Apache Kafka, up to 9.1 rating 🔥
Two new vulnerabilities in Apache Kafka: the first allows an attacker to generate their own JWT from any issuer; the second flaw is a sensitive information disclosure if the NetworkClient component is set to the DEBUG log level.
Search at Netlas.io:
Link: https://nt.ls/M6oTa
Dork: http.title:"kafka" OR http.title:"Apache Kafka" OR http.body:"kafka" OR http.body:"Apache Kafka"
Read more: https://kafka.apache.org/community/cve-list/
CVE-2026-21571: OS Command Injection in Atlassian Bamboo Data Center, 9.4 rating 🔥
RCE vulnerability in Atlassian Bamboo Data Center allows an authenticated attacker to execute commands on affected servers. It may lead to full server compromise.
Search at Netlas.io:
Link: https://nt.ls/KqPWl
Vendor's advisory: https://jira.atlassian.com/browse/BAM-26364
Netlas Python SDK & CLI v0.8.2 is now available via pip and brew.
This release adds SDK and CLI support for the new Private Scanner Reports feature introduced in Netlas v1.7.
Details at https://docs.netlas.io/changelog/
🚧 Planned Maintenance
Netlas will be unavailable for up to two hours on the weekend of April 26, 2026, starting at 08:00 UTC.
We will be reconfiguring our network. We expect the downtime to be no longer than two hours and will work to complete it as quickly as possible.
Thank you for your understanding and patience. We are sorry for any inconvenience this may cause.
CVE-2026-3844: Unrestricted Arbitrary File Upload in Breeze WordPress plugin, 9.8 rating 🔥
Unrestricted Arbitrary File Upload in Breeze WordPress plugin allows an unauthenticated attacker to upload a web shell and execute it remotely. This vulnerability is already being actively exploited in the wild!
Search at Netlas.io:
Link: https://nt.ls/61VeQ
Dork: http.body:"plugins/breeze"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/breeze/breeze-cache-244-unauthenticated-arbitrary-file-upload-via-fetch-gravatar-from-remote
CVE-2026-42231 and CVE-2026-42232: Two Prototype Pollution vulnerabilities in n8n, 9.4 & 10.0 rating 🔥🔥
Two recently disclosed Prototype Pollution vulnerabilities in n8n allow an authenticated attacker to execute arbitrary code on the server.
Search at Netlas.io:
Link: https://nt.ls/beZWa
Dork: http.title:"n8n.io - Workflow Automation"
Read more: https://github.com/n8n-io/n8n/security
CVE-2026-42208: SQL Injection in LiteLLM, 9.3 rating 🔥
Pre-authentication SQL Injection in LiteLLM allows an attacker to read data from the proxy's database and modify it. This vulnerability is already being actively exploited in the wild!
Search at Netlas.io:
Link: https://nt.ls/4MNkt
Dork: http.title:LiteLLM OR http.favicon.hash_sha256:26e3e882e76c2dc171b1bda49455641e812b3524f1692729b1fde849b7d52a6f
Read more: https://webflow.sysdig.com/blog/cve-2026-42208-targeted-sql-injection-against-litellms-authentication-path-discovered-36-hours-following-vulnerability-disclosure