The Security blog


CVE-2025-54309: From Authentication Bypass to Remote Command Execution in CrushFTP

Introduction: Following the recent release of a proof-of-concept (PoC) by watchTowr Labs, derived from honeypot observations, we have elected to disclose our own independent research into this ...

Keith Lee 12min

Securing JFrog Artifactory: Addressing INFO-Level Vulnerabilities

INFO-Level Findings from Vulnerability Scanners Can Still Pose Real Risks. Introduction: JFrog Artifactory is a universal artifact repository manager that stores and manages binary artifacts used in ...

Keith Lee 9min

Why Pentesting Still Matters: Exploiting CVE-2024-36991 in Splunk Enterprise

During one of our recent penetration tests, we discovered a critical vulnerability in Splunk Enterprise that automated security scanners like Nessus missed. This article underscores why manual ...

Keith Lee 10min

Penelope, powerful and simple to use shell handler

We are proud to announce Penelope, a powerful and user-friendly shell handler tool created by Christodoulos Lamprinos. Penelope is designed to streamline the process of handling reverse shells and ...

Carlos Marquez 4min

Dude! It's just a printer!

A few months ago, during an internal infrastructure penetration test, the network printers played a very important role in the assessment. What initially looked like a not-so-important low severity ...

Giuliano Fasto 19min

Advanced Offensive Operations

Recent cybersecurity breaches demonstrate that solely relying on Penetration Testing when evaluating an organisation's cybersecurity posture is a thing of the past. OrionX offers the most comprehensive security services to stop adversaries disrupting your business. 
