A recap of our mental health OffSec LIVE session, with tips on ensuring intentional change, self-awareness, and digital resilience in cybersecurity.
Category: OffSec
CVE-2024-46986 – Arbitrary File Write in Camaleon CMS Leading to RCE
A vulnerability was discovered in Camaleon CMS allowing authenticated attackers to write files on the file system, which enabled them to execute remote code under certain conditions.
CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation
Read about an LFI vulnerability disclosed in MLflow which allowed unauthenticated remote attackers to read arbitrary files by exploiting URI fragments containing directory traversal sequences.
CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution
A critical SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes, leading to a full system compromise.
CVE-2025-29927: Next.js Middleware Authorization Bypass
In this CVE blog, we explore a vulnerability in Next.js stemming from the improper trust of the x-middleware-subrequest header.
When AI Becomes the Weak Link: Rethinking Supply Chain Security
AI is becoming a hidden entry point in supply chain attacks. Here’s why it matters and what organizations must do to stay protected.
CVE-2025-32433: Vulnerability in Erlang/OTP SSH Implementation
Read about a critical vulnerability found in the SSH implementation of Erlang/OTP arising from improper handling of SSH protocol messages.
CVE-2024-13059: Exploiting Path Traversal in AnythingLLM for Remote Code Execution
Discover CVE-2024-13059, a critical vulnerability that affects AnythingLLM’s handling of ASCII filenames in the multer library.
How OSCP Holders Can Lead Their Teams to Greater Cybersecurity Resilience
Champion OSCP training in your organization to build a unified, resilient security team.
CVE-2024-57727: Path Traversal Vulnerability in SimpleHelp Web Application
CVE-2024-57727 lets attackers read sensitive files via path traversal in SimpleHelp. Learn more about how attackers exploit this flaw.
AI Penetration Testing: How to Secure LLM Systems
Explore how AI penetration testing enhances LLM security, addressing unique vulnerabilities and improving cyber defenses.
CVE-2024-9956: Critical WebAuthentication Vulnerability in Google Chrome on Android
Discover CVE-2024-9956, a critical Chrome flaw on Android allowing Bluetooth-based passkey theft, and learn key mitigation strategies.
Learn Secure Java Development with OffSec’s New Course
Master secure Java coding with OffSec’s SJD-100 course. Enhance app security and gain hands-on experience to secure your coding practices.
Creating an Inclusive Cybersecurity Culture
Transform your cybersecurity culture by strategically improving women’s representation and cultivating meaningful inclusion.
PostgreSQL Exploit
Sharpen your hacking skills! Learn from our walkthrough of a PostgreSQL exploit in the Nibbles machine on PG Practice.
Empowering Women in Cybersecurity: How Education and Training Are Key
While women represent only 24% of the cybersecurity workforce, hands-on training is changing the game.
Women in Cybersecurity Leadership: Inspiring Role Models at the Top
Throughout history, women have been at the forefront of solving problems and driving innovation, especially in STEM. From Ada Lovelace creating the first computer algorithm to Katherine Goble Johnson who calculated and analyzed the flight paths of spacecraft, women have…
Addressing the Unique Cybersecurity Challenges Faced by Government Agencies
Explore the unique cybersecurity challenges government agencies face and how tailored strategies can protect national security and public trust.
Building a Cyber-Resilient Public Sector Through Hands-on Security Training
Learn how hands-on cybersecurity training equips public sector teams to protect critical infrastructure, featuring real-world cases from Atlanta, Oldsmar, and Texas that demonstrate why practical experience trumps theoretical knowledge alone. Discover why agencies are moving beyond certifications to combat-ready security…