Unpatched software

Attacking known vulnerabilities in outdated dependencies.

What it is

Most breaches are not 0-days — they're old CVEs in dependencies you forgot to update.

How attackers exploit it

Attackers scan the internet for version fingerprints (versions in headers, generator meta tags, JS bundles) and exploit any match against a known vulnerability.

How to protect against it

  • Subscribe to security advisories for your stack.
  • Use `npm audit` / `bun audit` / Dependabot / Renovate to keep deps current.
  • Remove version disclosure from headers and metadata.
  • Run Horus Secure Analyst monthly and fix anything in the High/Critical lane.
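
To verify the "remove version disclosure" step on your own site, the check below inspects one response's headers and HTML for the fingerprints named above. It is an added example, not code from this article or any product it mentions; the function name, header list, `?ver=` asset rule and sample responses are assumptions constructed for illustration.

```javascript
// Constructed sample data; the three rules are this example's assumptions.
const VERSION = /\d+(?:\.\d+)+/; // dotted version such as 1.18.0
const HEADER_NAMES = ["server", "x-powered-by", "x-generator", "x-aspnet-version"];

function findVersionDisclosure(headers, html) {
  const findings = [];
  // 1. Response headers (names are case-insensitive).
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    if (HEADER_NAMES.includes(key) && VERSION.test(value)) {
      findings.push({ where: `header:${key}`, value });
    }
  }
  // 2. <meta name="generator" content="..."> carrying a version.
  for (const tag of html.match(/<meta\b[^>]*>/gi) || []) {
    if (!/name\s*=\s*["']?generator["']?/i.test(tag)) continue;
    const content = /content\s*=\s*["']([^"']*)["']/i.exec(tag);
    if (content && VERSION.test(content[1])) {
      findings.push({ where: "meta:generator", value: content[1] });
    }
  }
  // 3. Script/style URLs that expose a version in a ver= query parameter.
  const assetRe = /(?:src|href)\s*=\s*["']([^"']*[?&;]ver=\d+(?:\.\d+)+[^"']*)["']/gi;
  for (const m of html.matchAll(assetRe)) {
    findings.push({ where: "asset:ver", value: m[1] });
  }
  return findings;
}

// Constructed response before hardening.
const sampleHeaders = {
  "Server": "nginx/1.18.0",
  "X-Powered-By": "PHP/7.4.3",
  "Content-Type": "text/html; charset=UTF-8",
};
const sampleHtml = `<html><head>
<meta name="generator" content="WordPress 5.8.1">
<script src="/wp-includes/js/jquery/jquery.min.js?ver=3.6.0"></script>
</head><body>Hello</body></html>`;

// Constructed response after removing version strings.
const hardenedHeaders = { "Server": "nginx", "Content-Type": "text/html" };
const hardenedHtml = `<html><head><script src="/assets/app.js"></script></head></html>`;

console.log(findVersionDisclosure(sampleHeaders, sampleHtml));
console.log(findVersionDisclosure(hardenedHeaders, hardenedHtml));
```

An empty result means only that these three fingerprints are gone; the underlying dependencies still need patching.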

Platform-specific tips

  • WordPress: Delete unused plugins and themes; auto-update minor releases; remove `/readme.html`.
  • Shopify: Keep theme dependencies current; review installed apps for unused permissions.