Blog

Get Noticed: 5 Cybersecurity Job Hunt Tips

If you’ve already set your heart on your chosen career path, you might understand that getting noticed by the right employer isn’t always straightforward.  When we speak with OffSec learners, many will say that getting the first job is the hardest part. Some candidates will spend 6–12 months job-hunting, applying to hundreds of roles with

Talent Finder: The Smarter Way to Hire and Get Hired

Talent Finder connects certified cybersecurity professionals with companies that value proven skill. It’s a smarter way to hire and get hired.

CVE-2025-27136 – LocalS3 CreateBucketConfiguration Endpoint XXE Injection

Discover how CVE-2025-27136, a critical XXE vulnerability in LocalS3’s CreateBucketConfiguration endpoint, can be exploited to access sensitive files. Learn how the flaw works and how to mitigate it.

How OffSec Certifications Help You Hire With Confidence

Hire cyber talent with confidence: OffSec certifications prove candidates can perform under pressure, not just talk the talk.

CVE-2024-12029 – InvokeAI Deserialization of Untrusted Data vulnerability

CVE-2024-12029: A critical deserialization vulnerability in InvokeAI’s /api/v2/models/install endpoint allows remote code execution via malicious model files. Exploit risk for AI art servers.

What is Phishing? Introduction to Phishing Demo (for Beginners)

Learn how phishing attacks work and how to spot them. Watch OffSec’s animated video to protect yourself from scams, spoofed sites, and social engineering.

CVE-2025-27636 – Remote Code Execution in Apache Camel via Case-Sensitive Header Filtering Bypass

Discover the critical Apache Camel vulnerability (CVE-2025-27636) that allows remote code execution via case-sensitive HTTP header manipulation in the exec component. Learn how attackers exploit this flaw and how to mitigate it.

CVE-2025-29306 – Unauthenticated Remote Code Execution in FoxCMS v1.2.5 via Unserialize Injection

Discover details about CVE-2025-29306, a critical RCE vulnerability in FoxCMS 1.2.5. Learn how unsafe use of PHP’s unserialize() function enables remote attackers to execute arbitrary system commands.

June 2025 Content & Platform Update

CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php

Discover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project ≤ 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells.

What It Really Means to “Try Harder”

Discover how OffSec’s “Try Harder” mantra evolved into a mindset, and how it helps learners build grit, creativity, and real-world problem-solving skills.

CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage

CVE-2025-3248 is a critical RCE vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code via unsanitized input to exec(). Learn how it works and how to protect your system.