NYC, New York, January 29, 2026 - Silent Breach, a global leader in cybersecurity research and offensive security services, today disclosed the discovery of a critical zero-day vulnerability affecting a US Department of Defense (DoD) network application. The vulnerability, discovered by Silent Breach Labs' advanced research division, allowed unauthenticated attackers to read sensitive files from the server without requiring login credentials or authentication.

The security flaw was identified in a web application running on US DoD infrastructure. Researchers discovered that the application could be exploited to read protected files, ultimately exposing administrator credentials and other sensitive system information.

"This discovery underscores the critical importance of continuous security research and proactive vulnerability hunting, especially for systems protecting national security infrastructure," said Marc Castejon, CEO of Silent Breach. "Our Labs division exists precisely to identify these types of critical vulnerabilities before adversaries can weaponize them. We're proud to have worked with the Department of Defense to ensure this issue was addressed swiftly and responsibly."


Impact & Remediation
The vulnerability represented a significant security risk, as it could have allowed malicious actors to:

• Access sensitive files without authentication

• Obtain administrator password information

• Potentially retrieve database credentials, API keys, and other critical system secrets

Silent Breach responsibly disclosed the vulnerability to the US Department of Defense through the DoD Vulnerability Disclosure Program on HackerOne in 2024. Following established responsible disclosure practices, Silent Breach worked closely with the DoD security team throughout the validation and remediation process. After an extended patching and verification period, the DoD granted permission for public disclosure.


Silent Breach Labs
This discovery is the latest achievement from Silent Breach Labs, an advanced research division dedicated to zero-day discovery, exploit development, and adversarial threat intelligence. The Labs team combines red team methodologies with cutting-edge reverse engineering to identify emerging threats and strengthen global defenses before vulnerabilities can be exploited by malicious actors.

Silent Breach Labs has previously disclosed critical vulnerabilities affecting major organizations including Cloudflare, Sony, Apple iTunes, Intel, Wikipedia, and multiple government agencies worldwide. The division's mission is to understand how adversaries operate at the deepest technical level and use that knowledge to help organizations defend against tomorrow's attacks.

Organizations seeking to strengthen their security posture through advanced security research can contact Silent Breach at hello@silentbreach.com or visit www.silentbreach.com/labs to learn more about the Labs division's capabilities.


About Silent Breach: Silent Breach provides cutting-edge cybersecurity services designed to simulate, prevent, and respond to the most sophisticated cyber threats. With a client base spanning 20+ countries and multiple industries, Silent Breach empowers organizations to build resilience through offensive testing, managed detection, and continuous threat intelligence.

To learn more about the Silent Breach's Advanced 0-day Lab or request a media briefing, visit www.silentbreach.com.