Senior Security Researcher | UK OSINT Officer | OWASP Member | Project Discovery Pioneer | Purple Teamer | Privacy Advocate | Signal: @rxerium.02
Website: https://rxerium.com

🚨 Mandiant have identified zero-day exploitation of a high-risk vulnerability in Dell RecoverPoint for Virtual Machines, tracked as CVE-2026-22769.

RecoverPoint can be detected using this Nuclei template:
https://github.com/projectdiscovery/nuclei-templates/pull/15377/changes

Very limited exposure to the internet.

Dell recommends upgrading to version 6.0.3.1 HF1 or later. Mitigations are also available.

Mandiant report:
https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day

Yet another critical vulnerability in n8n - CVE-2026-25049 (CVSS 9.4).

Vulnerability detection script here:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-25049.yaml

Patched versions are 1.123.17 / 2.5.2 as per:
https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8

rxerium-templates: Nuclei scripts created by @rxerium for zero days / actively exploited vulnerabilities.

GitHub: https://github.com/rxerium/rxerium-templates

Vouch... I have posted a lot of his repos in the past.

🚨 2 new vulnerability scripts created for the n8n vulnerabilities disclosed today:

CVE-2026-1470:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-1470.yaml

CVE-2026-0863:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-0863.yaml

Happy hunting.

🚨 2 critical authentication bypass and remote command execution vulnerabilities in SolarWinds WHD have been disclosed.

Vulnerability detection scripts can be found below:
CVE-2025-40552:
https://github.com/rxerium/rxerium-templates/blob/main/2025/CVE-2025-40552.yaml

CVE-2025-40554:
https://github.com/rxerium/rxerium-templates/blob/main/2025/CVE-2025-40554.yaml

At the time of writing there are no signs of active exploitation in the wild, but it is strongly recommended that you patch as per SolarWinds' security advisory:
https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm

🔎 With all the recent buzz around Clawdbot, I've created a Nuclei template to fingerprint and detect this product:
https://github.com/projectdiscovery/nuclei-templates/pull/15055

Currently, there are 240 exposed instances (via Shodan) accessible on the internet at the time of posting, but I expect that number to grow:
https://www.shodan.io/search?query=clawdbot-gw

Many thanks to Rishi C (@rxerium) for presenting his talk "DNS Based #OSINT Techniques for Product and Service Discovery" at our meetup last Wednesday!

The video recording of the talk is now available to watch 📺 on the #OWASPLondon YouTube Channel [PLEASE SUBSCRIBE!]:
👇
https://www.youtube.com/watch?v=lGO3lGbAsKg

Our @OWASPLondon January meetup has just started and we have Rishi C @rxerium on stage talking about DNS based OSINT techniques!

Watch the Live-stream 📺 here:
👇
https://www.youtube.com/live/tekwkQzr_Hk?si=JpK7GOSGVoTGid_b

RE: https://infosec.exchange/@OWASPLondon/115934606319617609

It was a pleasure speaking at the OWASP London meetup today 🙏

🚨 CVE-2025-64155: Critical unauthenticated OS command injection in Fortinet FortiSIEM which may allow an unauthenticated attacker to execute unauthorised code or commands via crafted TCP requests. (CVSS 9.8)

I've created a vulnerability detection script here:
https://github.com/rxerium/rxerium-templates/blob/main/2025/CVE-2025-64155.yaml

Patches are strongly advised. If you are unable to patch, it is recommended that you limit access to the phMonitor port (7900) as per Fortinet's advisory:
https://fortiguard.fortinet.com/psirt/FG-IR-25-772
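As an added check that is not code from the original post, from Fortinet, or from the rxerium-templates repository: once you have restricted access to the phMonitor port, confirm the restriction is actually in effect from the vantage point an attacker would have. The script below attempts a plain TCP handshake to port 7900 on each host and reports any host that still accepts the connection. The target addresses are constructed placeholders; the port number is the one named in Fortinet's advisory.

```python
"""
Verify that a network-level restriction on a TCP port is in effect.

Added example for the FortiSIEM mitigation above; not the original
poster's or Fortinet's code.  The target list under __main__ is a
constructed placeholder (RFC 5737 documentation addresses).
"""
import socket
from typing import Iterable

# phMonitor port named in Fortinet's advisory FG-IR-25-772.
PHMONITOR_PORT = 7900


def port_is_reachable(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP handshake to host:port completes within timeout.

    A completed handshake means the port is reachable from this vantage
    point, which is exactly what the mitigation should prevent for untrusted
    sources.  Connection refused, timeout and unreachable network all count
    as "not reachable"; no application data is sent either way.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except (OSError, socket.timeout):
        return False


def exposed_hosts(hosts: Iterable[str], port: int = PHMONITOR_PORT) -> list[str]:
    """Return the subset of hosts that still accept TCP connections on port."""
    return [host for host in hosts if port_is_reachable(host, port)]


if __name__ == "__main__":
    # Constructed placeholder targets; replace with your own FortiSIEM hosts
    # and run from outside the allowed source range.
    targets = ["192.0.2.10", "192.0.2.11"]
    still_open = exposed_hosts(targets)
    if still_open:
        for host in still_open:
            print(f"{host}:{PHMONITOR_PORT} still reachable - restriction not effective")
    else:
        print(f"no target accepts connections on {PHMONITOR_PORT} from this vantage point")
```

Run it from a host that should not be allowed to reach phMonitor (for example, from outside the management network); a result of "still reachable" from such a host means the advisory's mitigation is not in place, regardless of what the firewall configuration says. A "not reachable" result from inside the allowed range only tells you the service is down, so test from both sides.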