Blog | OffSec

Blog

News and updates from OffSec

Research & Tutorials

May 15, 2025

3 min read

CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation

Read about an LFI vulnerability disclosed in MLflow which allowed unauthenticated remote attackers to read arbitrary files by exploiting URI fragments containing directory traversal sequences.

Read more

Research & Tutorials

CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution

A critical SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes leading to a full system compromise.

May 8, 2025

2 min read

Research & Tutorials

CVE-2025-29927: Next.js Middleware Authorization Bypass

In this CVE blog, we explore a vulnerability in Next.js stemming from the improper trust of the x-middleware-subrequest header.

May 1, 2025

3 min read

Enterprise Security

When AI Becomes the Weak Link: Rethinking Supply Chain Security

AI is becoming a hidden entry point in supply chain attacks. Here’s why it matters and what organizations must do to stay protected.

Apr 30, 2025

7 min read

Research & Tutorials

CVE-2025-32433: Vulnerability in Erlang/OTP SSH Implementation

Read about a critical vulnerability found in the SSH implementation of Erlang/OTP arising from improper handling of SSH protocol messages.

Apr 23, 2025

3 min read

Research & Tutorials

CVE-2024-13059: Exploiting Path Traversal in AnythingLLM for Remote Code Execution

Discover CVE-2024-13059, a critical vulnerability flat that affects AnythingLLM’s handling of ASCII filenames in the multer library.

Apr 17, 2025

2 min read

Enterprise Security

How OSCP Holders Can Lead Their Teams to Greater Cybersecurity Resilience

Champion OSCP training in your organization to build a unified, resilient security team.

Apr 11, 2025

6 min read

Research & Tutorials

CVE-2024-57727: Path Traversal Vulnerability in SimpleHelp Web Application

CVE-2024-57727 lets attackers read sensitive files via path traversal in SimpleHelp. Learn more about how attackers exploit this flaw.

Apr 10, 2025

3 min read

Penetration Testing

AI Penetration Testing: How to Secure LLM Systems

Explore how AI penetration testing enhances LLM security, addressing unique vulnerabilities and improving cyber defenses.

Apr 3, 2025

8 min read

Research & Tutorials

CVE-2024-9956: Critical WebAuthentication Vulnerability in Google Chrome on Android

Discover CVE-2024-9956, a critical Chrome flaw on Android allowing Bluetooth-based PassKey theft, and learn key mitigation strategies.

Mar 26, 2025

3 min read

OffSec News

Learn Secure Java Development with OffSec’s New Course

Master secure Java coding with OffSec’s SJD-100 course. Enhance app security and gain hands-on experience to secure your coding practices.

Mar 18, 2025

4 min read

Insights

Creating an Inclusive Cybersecurity Culture

Transform your cybersecurity culture by strategically improving women’s representation and cultivating meaningful inclusion.

Mar 17, 2025

4 min read

Research & Tutorials

PostgreSQL Exploit

Sharpen your hacking skills! Learn from our walkthrough of a PostgreSQL exploit in the Nibbles machine on PG Practice.

Mar 12, 2025

4 min read

Showing 1 - 13 of 381 entries