Mission Cyber Sentinel is a global cybersecurity initiative focused on identifying and responsibly disclosing vulnerabilities in open-source software to protect over 446,000 online assets, including websites, servers, and IoT systems worldwide.
Start Date: Jan 11, 2025
Status: Completed
Completion Date: Jul 17, 2025
Contributors: 4
Mission Cyber Sentinel is an international cybersecurity initiative dedicated to protecting over 446,000 digital assets, including websites, servers, and IoT devices. Our mission is to identify security vulnerabilities in widely used open-source software, report them through responsible disclosure, and obtain CVE tracking IDs to enhance global cybersecurity posture.
Originally launched as a Canadian initiative by Hamed Kohi, the mission quickly evolved into a global effort. This transformation began when I partnered with Luke Smith and Alasdair Gorniak from the United Kingdom. A few weeks later, we welcomed Alexandru Ionuț Răducu from Romania to the team.
What started as a local initiative has grown into a global movement with over 10 CVEs assigned to date.
ID | Researcher(s) | CVE ID | Affected Assets | Software Name |
---|---|---|---|---|
1 | Hamed Kohi | CVE-2024-57601 | 1,184 | EasyAppointments |
2 | Hamed Kohi | CVE-2024-57603 | 100 | ezBookkeeping |
3 | Hamed Kohi | CVE-2024-57605 | 100 | ezBookkeeping |
4 | Hamed Kohi | CVE-2025-47939 | 198,333 | Typo3 CMS |
5 | Hamed Kohi | CVE-2025-24854 | 1 | Apache JSPWiki |
6 | Alasdair Gorniak | CVE-2025-25497 | 27,200 | NetSweeper Firewall |
7 | Alasdair Gorniak & Hamed Kohi | CVE-2025-45892 | 214,793 | OpenCart eCommerce |
8 | Alasdair Gorniak & Hamed Kohi | CVE-2025-45893 | 214,793 | OpenCart eCommerce |
9 | Luke Smith & Hamed Kohi | CVE-2025-29868 | 1,200 | Apache Answer |
10 | Alexandru Ionuț Răducu | CVE-2025-32390 | 3,798 | Espo CRM |
11 | Alexandru Ionuț Răducu | CVE-2025-47781 | 345 | Rally CMS |
Mission Cyber Sentinel began with a bold vision: to identify and remediate vulnerabilities in critical open-source systems, and in doing so, protect 250,000 digital assets worldwide. Through international collaboration, technical excellence, and a steadfast commitment to responsible disclosure, the initiative not only met that goal but nearly doubled it.
With over 446,000 assets secured and 11 CVEs assigned, the mission stands as clear evidence that meaningful cybersecurity impact doesn't require large institutions; it requires passion, integrity, and collective effort.
Although the project officially concluded on July 17, 2025, its legacy endures in the software we've helped secure, the researchers we've empowered, and the global cybersecurity community we've strengthened.
Assuming even a modest estimate of 100 users or visitors per asset, we may have helped protect more than 44.6 million people from potential cyberattacks stemming from the vulnerabilities we uncovered.
Mission complete, impact ongoing.
Name | Date Joined |
---|---|
Hamed Kohi | Jan 11, 2025 |
Luke Smith | Jan 31, 2025 |
Alasdair Gorniak | Jan 31, 2025 |
Alexandru Ionuț Răducu | Mar 28, 2025 |
Alasdair Gorniak identified a privilege escalation vulnerability in NetSweeper Firewall. Credited with CVE-2025-25497 on March 16th 2025.
Hamed Kohi identified & reported a cross-site scripting (XSS) & brute-force vulnerability in EasyAppointments. Credited with CVE-2024-57601 & CVE-2024-57601 on Feb 3rd 2025.
Hamed Kohi identified 2 login brute-force vulnerabilities in ezBookkeeping. Credited with CVE-2024-57603 & CVE-2024-57603 on Feb 3rd 2025.
Hamed Kohi identified a cross-site scripting (XSS) vulnerability in Apache JSPWiki. Credited with CVE-2025-24854 on April 9th 2025.
Hamed Kohi identified [Bruteforce, XSS, SSRF, Privilege Escalation, Internal File read, RCE] on Vvveb CMS. Vendor acknowledged on GitHub; CVEs not yet assigned.
Hamed Kohi & Luke Smith identified CWE-495 (browser info leak) vulnerability on Apache Answer. Credited with CVE-2025-29868 on April 10th 2025.
Hamed Kohi identified an unrestricted file upload misconfiguration in Typo3 CMS. Credited with CVE-2025-47939 on May 20th 2025; the researcher was rewarded with 150 EUR in bug bounties.
Alexandru Ionuț Răducu identified an HTML injection vulnerability in Espo CRM. Credited with CVE-2025-32390 on April 10th 2025.
Alasdair Gorniak & Hamed Kohi identified two XSS vulnerabilities on OpenCart CMS. Credited with CVE-2025-45892 & CVE-2025-45893 on June 2nd 2025.
Alexandru Ionuț Răducu identified an account takeover vulnerability on Rally CMS. Credited with CVE-2025-47781 on May 14th 2025.