Home OffSec
  • Pricing
Enroll now Sign in Search Contact us
Blog | OffSec

Blog

News and updates from OffSec

May 8, 2025

2 min read

CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution

A critical SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes leading to a full system compromise.

Read more

Research & Tutorials

CVE-2025-29927: Next.js Middleware Authorization Bypass

In this CVE blog, we explore a vulnerability in Next.js stemming from the improper trust of the x-middleware-subrequest header.

May 1, 2025

3 min read

Enterprise Security

When AI Becomes the Weak Link: Rethinking Supply Chain Security

AI is becoming a hidden entry point in supply chain attacks. Here’s why it matters and what organizations must do to stay protected.

Apr 30, 2025

7 min read

Research & Tutorials

CVE-2025-32433: Vulnerability in Erlang/OTP SSH Implementation

Read about a critical vulnerability found in the SSH implementation of Erlang/OTP arising from improper handling of SSH protocol messages.

Apr 23, 2025

3 min read

Research & Tutorials

CVE-2024-13059: Exploiting Path Traversal in AnythingLLM for Remote Code Execution

Discover CVE-2024-13059, a critical vulnerability flat that affects AnythingLLM’s handling of ASCII filenames in the multer library.

Apr 17, 2025

2 min read

Enterprise Security

How OSCP Holders Can Lead Their Teams to Greater Cybersecurity Resilience

Champion OSCP training in your organization to build a unified, resilient security team.

Apr 11, 2025

6 min read

Research & Tutorials

CVE-2024-57727: Path Traversal Vulnerability in SimpleHelp Web Application

CVE-2024-57727 lets attackers read sensitive files via path traversal in SimpleHelp. Learn more about how attackers exploit this flaw.

Apr 10, 2025

3 min read

Penetration Testing

AI Penetration Testing: How to Secure LLM Systems

Explore how AI penetration testing enhances LLM security, addressing unique vulnerabilities and improving cyber defenses.

Apr 3, 2025

8 min read

Research & Tutorials

CVE-2024-9956: Critical WebAuthentication Vulnerability in Google Chrome on Android

Discover CVE-2024-9956, a critical Chrome flaw on Android allowing Bluetooth-based PassKey theft, and learn key mitigation strategies.

Mar 26, 2025

3 min read

OffSec News

Learn Secure Java Development with OffSec’s New Course

Master secure Java coding with OffSec’s SJD-100 course. Enhance app security and gain hands-on experience to secure your coding practices.

Mar 18, 2025

4 min read

Insights

Creating an Inclusive Cybersecurity Culture

Transform your cybersecurity culture by strategically improving women’s representation and cultivating meaningful inclusion.

Mar 17, 2025

4 min read

Research & Tutorials

PostgreSQL Exploit

Sharpen your hacking skills! Learn from our walkthrough of a PostgreSQL exploit in the Nibbles machine on PG Practice.

Mar 12, 2025

4 min read

Insights

Empowering Women in Cybersecurity: How Education and Training Are Key

While women represent only 24% of the cybersecurity workforce, hands-on training is changing the game.

Feb 28, 2025

5 min read

Showing 14 - 26 of 392 entries

Join the OffSec Community!

Our community members connect, communicate and collaborate on all things cybersecurity.

By submitting this form, I agree to the processing of my personal data by OffSec as described in the Privacy Policy.