Blog
News and updates from OffSec
May 12, 2025
April 2025 Content & Platform Update
Explore OffSec’s April 2025 Update with new PEN-300 and WEB-300 challenge labs, fresh IR-200 videos, and expanded Offensive & Defensive Cyber Range content.
Research & Tutorials
CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution
A critical SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes leading to a full system compromise.
May 8, 2025
2 min read

Research & Tutorials
CVE-2025-29927: Next.js Middleware Authorization Bypass
In this CVE blog, we explore a vulnerability in Next.js stemming from the improper trust of the x-middleware-subrequest header.
May 1, 2025
3 min read

Enterprise Security
When AI Becomes the Weak Link: Rethinking Supply Chain Security
AI is becoming a hidden entry point in supply chain attacks. Here’s why it matters and what organizations must do to stay protected.
Apr 30, 2025
7 min read

Research & Tutorials
CVE-2025-32433: Vulnerability in Erlang/OTP SSH Implementation
Read about a critical vulnerability found in the SSH implementation of Erlang/OTP arising from improper handling of SSH protocol messages.
Apr 23, 2025
3 min read

Research & Tutorials
CVE-2024-13059: Exploiting Path Traversal in AnythingLLM for Remote Code Execution
Discover CVE-2024-13059, a critical vulnerability that affects AnythingLLM’s handling of ASCII filenames in the multer library.
Apr 17, 2025
2 min read

Enterprise Security
How OSCP Holders Can Lead Their Teams to Greater Cybersecurity Resilience
Champion OSCP training in your organization to build a unified, resilient security team.
Apr 11, 2025
6 min read

Research & Tutorials
CVE-2024-57727: Path Traversal Vulnerability in SimpleHelp Web Application
CVE-2024-57727 lets attackers read sensitive files via path traversal in SimpleHelp. Learn more about how attackers exploit this flaw.
Apr 10, 2025
3 min read

Penetration Testing
AI Penetration Testing: How to Secure LLM Systems
Explore how AI penetration testing enhances LLM security, addressing unique vulnerabilities and improving cyber defenses.
Apr 3, 2025
8 min read

Product Updates
March 2025 Content & Platform Update
Discover OffSec’s March 2025 Update with new SJD-100 course, enhanced Achievements page, 14 new labs across ranges, and a fresh WEB-300 challenge lab.
Mar 27, 2025

Research & Tutorials
CVE-2024-9956: Critical WebAuthentication Vulnerability in Google Chrome on Android
Discover CVE-2024-9956, a critical Chrome flaw on Android allowing Bluetooth-based PassKey theft, and learn key mitigation strategies.
Mar 26, 2025
3 min read

OffSec News
Learn Secure Java Development with OffSec’s New Course
Master secure Java coding with OffSec’s SJD-100 course. Enhance app security and gain hands-on experience to secure your coding practices.
Mar 18, 2025
4 min read

Insights
Creating an Inclusive Cybersecurity Culture
Transform your cybersecurity culture by strategically improving women’s representation and cultivating meaningful inclusion.
Mar 17, 2025
4 min read