Blog / Engineering / RapperBot botnet detection and mitigation with Wazuh

A botnet is a network of compromised internet-connected devices such as personal computers, servers, and Internet of Things (IoT) devices used to orchestrate cyberattacks.  Recently, in June 2022, an IoT family of malware dubbed “RapperBot” that affects Linux platforms was discovered. This malware has the potential to brute force credentials to gain access to password-protected […]

Blog / Engineering / Security observability on Linux with Wazuh and Tetragon

Security observability allows security teams to gain comprehensive visibility into the security posture of systems, applications, and networks by collecting and analyzing telemetry from various sources. These data sources, including logs, metrics, and traces, provide deep insights into diagnosing system issues and investigating security incidents. They also help to detect and respond to potential threats […]

Blog / Engineering / Docker container security monitoring with Wazuh

In this blog post, you can learn about Docker container security monitoring with Wazuh by monitoring Docker container events.

Blog / Engineering / Web shell attack detection with Wazuh

Installing a web shell on a web server is one way of achieving persistence. In our new blog post, we use Wazuh to detect web shell attacks.

Blog / Engineering / Detecting common Linux persistence techniques with Wazuh

Our new blog post shows how to detect common Linux persistence techniques with Wazuh by covering several common techniques.

Blog / Engineering / Hunting for suspicious Windows LNK files with Wazuh XDR

In this blog post we have shown how Wazuh detects the presence of suspicious and malicious LNK files in Windows endpoints.

Blog / Engineering / Building IoC files for threat intelligence with Wazuh XDR

This blog post shows how we leverage the Wazuh XDR capability to identify and store IoCs detected in an organization’s infrastructure.

Blog / Engineering / Configuration management of Wazuh endpoints using Ansible

Configuration management is the process of maintaining computer systems, servers, network devices, and software in a desired and consistent state. Configuration management tools allow you to quickly and remotely control large numbers of different endpoints in an automated way from a centralized location. There are several popular configuration management tools. These include Ansible, Chef, Puppet, […]

Blog / Engineering / Detecting Next.js CVE-2025-66478 RCE vulnerability with Wazuh

A critical severity Remote Code Execution (RCE) vulnerability affecting Next.js applications that use the App Router has been identified. This vulnerability is rated CVSS 10.0, disclosed as CVE-2025-66478 and allows remote code execution (RCE) when attacker-controlled requests are processed in unpatched environments. It stems from an upstream vulnerability in the React Server Components (RSC) protocol […]

Blog / Engineering / Detecting React CVE-2025-55182 RCE vulnerability with Wazuh

A critical severity Remote Code Execution (RCE) vulnerability disclosed as CVE-2025-55182, has been identified affecting the React Server Components (RSC) protocol. This vulnerability is rated CVSS 10.0 and allows unauthenticated attackers to execute arbitrary code on the server via insecure deserialization of malicious HTTP requests. The flaws also affect frameworks and bundlers that use the […]