Blog | OffSec

Blog

News and updates from OffSec

Research & Tutorials

Apr 17, 2025

2 min read

CVE-2024-13059: Exploiting Path Traversal in AnythingLLM for Remote Code Execution

Discover CVE-2024-13059, a critical vulnerability flat that affects AnythingLLM’s handling of ASCII filenames in the multer library.

Read more

Enterprise Security

How OSCP Holders Can Lead Their Teams to Greater Cybersecurity Resilience

Champion OSCP training in your organization to build a unified, resilient security team.

Apr 11, 2025

6 min read

Research & Tutorials

CVE-2024-57727: Path Traversal Vulnerability in SimpleHelp Web Application

CVE-2024-57727 lets attackers read sensitive files via path traversal in SimpleHelp. Learn more about how attackers exploit this flaw.

Apr 10, 2025

3 min read

Penetration Testing

AI Penetration Testing: How to Secure LLM Systems

Explore how AI penetration testing enhances LLM security, addressing unique vulnerabilities and improving cyber defenses.

Apr 3, 2025

8 min read

Research & Tutorials

CVE-2024-9956: Critical WebAuthentication Vulnerability in Google Chrome on Android

Discover CVE-2024-9956, a critical Chrome flaw on Android allowing Bluetooth-based PassKey theft, and learn key mitigation strategies.

Mar 26, 2025

3 min read

OffSec News

Learn Secure Java Development with OffSec’s New Course

Master secure Java coding with OffSec’s SJD-100 course. Enhance app security and gain hands-on experience to secure your coding practices.

Mar 18, 2025

4 min read

Insights

Creating an Inclusive Cybersecurity Culture

Transform your cybersecurity culture by strategically improving women’s representation and cultivating meaningful inclusion.

Mar 17, 2025

4 min read

Research & Tutorials

PostgreSQL Exploit

Sharpen your hacking skills! Learn from our walkthrough of a PostgreSQL exploit in the Nibbles machine on PG Practice.

Mar 12, 2025

4 min read

Insights

Empowering Women in Cybersecurity: How Education and Training Are Key

While women represent only 24% of the cybersecurity workforce, hands-on training is changing the game.

Feb 28, 2025

5 min read

Insights

Women in Cybersecurity Leadership: Inspiring Role Models at the Top

Celebrate Women’s History Month by recognizing the women shaping cybersecurity and driving innovation in the industry.

Feb 24, 2025

11 min read

Federal

Addressing the Unique Cybersecurity Challenges Faced by Government Agencies

Explore the unique cybersecurity challenges government agencies face and how tailored strategies can protect national security and public trust.

Feb 12, 2025

8 min read

Enterprise Security

Building a Cyber-Resilient Public Sector Through Hands-on Security Training

Learn how hands-on cybersecurity training equips public sector teams to protect critical infrastructure, featuring real-world cases from Atlanta, Oldsmar, and Texas that demonstrate why practical experience trumps theoretical knowledge alone. Discover why agencies are moving beyond certifications to combat-ready security training.

Feb 5, 2025

4 min read

Research & Tutorials

CVE-2025-21298: A Critical Windows OLE Zero-Click Vulnerability

Explore CVE-2025-21298, a critical Windows OLE zero-click flaw enabling RCE via email. Learn its risks, impact, and how to defend against attacks.

Feb 3, 2025

3 min read

Showing 1 - 13 of 376 entries