Blog
News and updates from OffSec
Jun 3, 2025
May 2025 Content & Platform Update
Discover OffSec’s May 2025 update: opt-in Talent Finder profiles and a wealth of new labs—including Cyber Range, Proving Grounds, Defensive, and Challenge Labs.
Categories
Insights
OffSec’s Take on the Global Generative AI Adoption Index
Discover OffSec’s take on the latest Global Generative AI Adoption Index report released by AWS.
May 30, 2025
3 min read
Research & Tutorials
CVE-2025-0655 – Remote Code Execution in D-Tale via Unprotected Custom Filters
A critical remote code execution (RCE) vulnerability in the D-Tale data visualization tool was identified which allowed attackers to execute arbitrary system exams, abusing an exposed API endpoint.
May 29, 2025
2 min read
Insights
Recompiling Your “Self”: A Cybersecurity-Inspired Guide to Resilience
A recap of our mental health OffSec LIVE session, with tips on ensuring intentional change, self-awareness, and digital resilience in cybersecurity.
May 28, 2025
8 min read
Research & Tutorials
CVE-2024-46986 – Arbitrary File Write in Camaleon CMS Leading to RCE
A vulnerability was discovered in Camaleon CMS authenticating attackers to write files on the file system which enabled them to execut remote code under certain conditions.
May 22, 2025
2 min read
Research & Tutorials
CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation
Read about an LFI vulnerability disclosed in MLflow which allowed unauthenticated remote attackers to read arbitrary files by exploiting URI fragments containing directory traversal sequences.
May 15, 2025
3 min read
Product Updates
April 2025 Content & Platform Update
Explore OffSec’s April 2025 Update with new PEN-300 and WEB-300 challenge labs, fresh IR-200 videos, and expanded Offensive & Defensive Cyber Range content.
May 12, 2025
Research & Tutorials
CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution
A critical SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes leading to a full system compromise.
May 8, 2025
2 min read
Research & Tutorials
CVE-2025-29927: Next.js Middleware Authorization Bypass
In this CVE blog, we explore a vulnerability in Next.js stemming from the improper trust of the x-middleware-subrequest header.
May 1, 2025
3 min read
Enterprise Security
When AI Becomes the Weak Link: Rethinking Supply Chain Security
AI is becoming a hidden entry point in supply chain attacks. Here’s why it matters and what organizations must do to stay protected.
Apr 30, 2025
7 min read
Research & Tutorials
CVE-2025-32433: Vulnerability in Erlang/OTP SSH Implementation
Read about a critical vulnerability found in the SSH implementation of Erlang/OTP arising from improper handling of SSH protocol messages.
Apr 23, 2025
3 min read
Research & Tutorials
CVE-2024-13059: Exploiting Path Traversal in AnythingLLM for Remote Code Execution
Discover CVE-2024-13059, a critical vulnerability flat that affects AnythingLLM’s handling of ASCII filenames in the multer library.
Apr 17, 2025
2 min read
Enterprise Security
How OSCP Holders Can Lead Their Teams to Greater Cybersecurity Resilience
Champion OSCP training in your organization to build a unified, resilient security team.
Apr 11, 2025
6 min read
Join the OffSec Community!
Our community members connect, communicate and collaborate on all things cybersecurity.