🔐 Weekly #SecurityAlert: [HIGH] CVE-2024-39338 — #Axios SSRF via Path-to-Protocol Relative URL Handling
• What vulnerability was discovered? A #vulnerability in Axios (v1.3.2–1.7.3) causes path-relative URLs (like /…) to be misinterpreted as protocol-relative, ignoring the baseURL and enabling requests to attacker-controlled domains.
• Is it exploitable? Yes - no auth, no interaction, no complex setup needed. Attackers can trick the server into making SSRF requests to internal or external services.
• Should I ignore it? Definitely not. Upgrade to Axios 1.7.4+ ASAP. Can't upgrade right away? Enforce strict URL input validation to block protocol-relative and malformed paths.
📌 Learn more, including:
• How this bug bypasses baseURL
• Real-world scenarios for silent SSRF
• Temporary mitigations you can apply today
🦎 Adapt to every threat, and stay safe!
#cybersecurity #SSRF #infosec
More on our website: https://lnkd.in/exgvAuf9
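An added example (not code from the Jed Security post or from the axios project) of the interim mitigation the alert recommends: an allow-list check that resolves a caller-supplied path against a trusted base and rejects anything protocol-relative, scheme-bearing, backslash-encoded or escaping the base path. The base URL, function names and sample inputs are assumptions constructed for illustration.

```javascript
// Added example: defensive validation of request paths before they reach an
// HTTP client. Uses only the WHATWG URL global available in Node.js.
const BASE_URL = "https://api.internal.example/v1/"; // constructed trusted base

// Returns true only when `path` is a plain path-relative reference that, once
// resolved against the base, still targets the same origin and stays under
// the base path. Everything that could redirect the request elsewhere is
// rejected before resolution.
function isSafeRelativePath(path, base = BASE_URL) {
  if (typeof path !== "string" || path.length === 0) return false;
  // Whitespace, control characters and backslashes: URL parsers for http(s)
  // normalise "\" to "/", so "/\evil.example" becomes "//evil.example".
  if (/[\s\\\u0000-\u001f]/.test(path)) return false;
  // Explicit schemes ("https:", "javascript:") and protocol-relative "//host".
  if (/^[a-z][a-z0-9+.-]*:/i.test(path) || path.startsWith("//")) return false;
  let resolved;
  try {
    resolved = new URL(path, base);
  } catch {
    return false; // unparsable input is rejected, not guessed at
  }
  const baseUrl = new URL(base);
  // Scheme, host and port must all match the trusted base.
  if (resolved.origin !== baseUrl.origin) return false;
  // Dot segments are normalised by the parser, so "../" climbs show up here.
  return resolved.pathname.startsWith(baseUrl.pathname);
}

// Fails closed: callers get a resolved absolute URL or an exception.
function buildRequestUrl(path, base = BASE_URL) {
  if (!isSafeRelativePath(path, base)) {
    throw new Error(`rejected unsafe request path: ${JSON.stringify(path)}`);
  }
  return new URL(path, base).href;
}

// Constructed sample inputs: the first two are legitimate; the rest are the
// kinds of values the alert warns about.
const SAMPLES = [
  "/v1/users/42",
  "users/42",
  "//attacker.example/steal",
  "/\\attacker.example",
  "https://attacker.example/",
  "/v1/../../admin",
];

function safeSamples() {
  return SAMPLES.filter((p) => isSafeRelativePath(p));
}
```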
Jed Security
Computer and Network Security
Prioritize critical threats, eliminate false alarms. Continuous Pen Testing Powered by AI.
About
Jed Security is a cloud-native CTEM platform that helps organizations identify and mitigate their entire external threat landscape. We help organizations prioritize and remediate threats, and stop wasting time resolving toxic combinations that don't matter. Our platform also streamlines operational processes, making it easier for organizations to protect themselves from cyberattacks.
- Website: https://www.jedsec.com
- Industry: Computer and Network Security
- Company size: 2-10 employees
- Headquarters: Tel Aviv
- Type: Privately held
- Founded: 2022
- Specialties
Locations
- Primary: Tel Aviv, R&D, IL
- New York, NY, US
Employees at Jed Security
Updates
You don’t want to spend your time constantly adapting to every change in your cyber landscape - and hackers are counting on you to forget. That’s why we’re introducing Jillian the Chameleon, our Agentic Pen Testing Mascot. She blends into your ever-changing environment, staying one step ahead of predators and helping your team by exposing bugs quietly hiding in your space. At Jed Security, we turn pen tests into continuous, adaptive protection. From snapshots to full situational awareness. Automatically test with every change. Adapt to every threat. Just like Jillian.
Weekly #SecurityAlert: [CRITICAL] CVE-2025-24813 - #Apache Tomcat Default Servlet Path Equivalence RCE & Info Disclosure
• What Vulnerability was Discovered? A #vulnerability in Apache Tomcat’s Default Servlet allows attackers to exploit path equivalence via the internal dot in file.Name.
• Is it Exploitable? Yes! Exploitation may allow a remote attacker to access and overwrite sensitive files. Remote code execution is also possible.
• Should I Ignore it? No! It is highly recommended to upgrade to Apache Tomcat versions 11.0.3, 10.1.35, or 9.0.99.
Learn more, including:
• When the vulnerability presents
• Configurations where remote code execution is possible
• Immediate risk reduction tactics
https://lnkd.in/eykNxAFv
In just 10 days, the Jed Security team touches down in Vegas. ☀️ Sunblock: packed. 📍 Booth 6519: secured. 👾 Exploit demos: ready. ❔ Cool mystery swag: purchased. Swing by and learn more about how we are revolutionizing the pen testing game (and maybe grab some of our cool mystery swag on your way). #BlackHat2025 #AgenticAI #PenTesting #ContinuousSecurity #DevSecOps #POCExploit #Cybersecurity #VulnerabilityManagement
Heading to BlackHat 2025? Stop at Booth 6519 - you’ll want to. Traditional pen testing is broken. Reports are outdated before you even get them. At Jed Security, we’ve built something different: 👾 Continuous pen tests triggered automatically by code/app changes and emerging threats 👾 90/10 model - AI does the heavy lifting, humans review the edge cases There's a lot more to the platform, so come get a demo and say hi to CEO and CTO, Ian Roncoroni and Itamar Lavender at Booth 6519!
You’re absolutely right. Today’s threat landscape isn’t just fast; it’s relentless. That’s exactly why we built Jed Security around exploitability-first defense. Instead of drowning in alerts, we use AI to pinpoint what is actually exploitable and generate Proof of Concept Exploit Code so teams can act on real threats, not just theoretical ones. Too many tools still operate in silos, so we integrate directly into your tech stack to provide unified telemetry and orchestrate incident response workflows more efficiently.
Cloud changed the game. Kubernetes accelerated the pace. AI changed the rules. And now, attackers are evolving and working together. Most security strategies are still stuck in the past. Our latest research shows 67% of companies struggle to integrate cloud firewalls with the rest of their stack. The tools exist—but they’re fragmented. And fragmentation is exactly what attackers exploit. You need real-time action that won’t slow down your developers or your business. That’s why we created a new category: Cloud Native Security Fabric, unified, scalable, and responsive in real time. Built for how cloud, Kubernetes, and AI work today. The next breach won’t wait. Read more: https://lnkd.in/gtHDZ8wM #CloudNativeSecurityFabric #ZeroTrust #Cybersecurity #Aviatrix #CNSF #CloudSecurity #CISO #DevSecOps
The cybersecurity game is changing. Headed to Black Hat Las Vegas? There’s a new tech you’ll want on your radar.
• Traditional, point-in-time pen testing? It's outdated.
• Jed’s Continuous Pen Testing gives you real-time visibility into what’s actually exploitable. No guessing. No noise. Just proof with POC Exploit Code your devs can’t ignore.
What this means for your team:
-> Less alert fatigue (finally)
-> Prioritize what’s really a threat
-> Simplify your stack, no more 7 tools doing the job of 1
If you’ll be at Black Hat, grab coffee with our CEO (or something stronger because it’s Vegas, after all). He’ll show you how Jed is helping security teams like WeightWatchers get ahead of real threats. Grab a time here: https://lnkd.in/eWzaPjvz
#BlackHat2025 #CyberSecurity #CTEM #LasVegas
What Belongs in Your Security Findings Dumpster? Jed filters out noise to differentiate findings and show actionable alerts, while tossing the rest into a “Findings Dumpster.” This allows your team to focus on what truly matters. Give Jed a try. Get set up quickly with a free trial and see how many issues your #SecOps team should be tossing in your Findings Dumpster. #ThreatDetection #Cybersecurity https://lnkd.in/eGexdFgk
Is your #SecOps team struggling to remediate half a million findings daily? A stressful, impossible task. Jed filters out noise to differentiate findings and show actionable alerts, while tossing the rest into our “Findings Dumpster.” This allows your team to focus on what truly matters. The result is:
• Less stress
• Less work
• More #SecurePosture
https://lnkd.in/eGexdFgk
Traditional pen tests are outdated. Pen tests are often a snapshot in time – conducted only once in a while, they quickly become outdated as applications evolve and new vulnerabilities emerge. That's why we built something different at Jed Security. We’ve combined AI-powered automation with the expertise of our professional pen testers to deliver *continuous* security penetration testing. The AI identifies vulnerabilities, and then intelligently tasks our pros with the complex challenges that require human ingenuity. It’s a game-changer, and I'm excited to see the impact it's having. Learn more: [https://www.jedsec.com/] #cybersecurity #pentesting #AI #infosec #jedsecurity #innovation #devsecops #automation #continuoussecurity #humanintelligence #continuouspentest