The Security blog

Vulnerability Cybersecurity Hack Advisories CVE Security research

CVE-2025-54309: From Authentication Bypass to Remote Command Execution in CrushFTP

Introduction Following the recent release of a proof-of-concept (PoC) by watchTowr Labs, derived from honeypot observations, we have elected to disclose our own independent research into this ...

Keith Lee 12min
LEARN MORE
Cybersecurity Vulnerability Android Apache Cordova Mobile Security Testing Penetration Testing WUP iOS Advisories Mobile applications Xamarin advisory mobile app CVE HTML Hack Security research
SUBSCRIBE
Cybersecurity Advisories

Securing JFrog Artifactory: Addressing INFO-Level Vulnerabilities

INFO-Level Findings from Vulnerability Scanners Can Still Pose Real Risks Introduction JFrog Artifactory is a universal artifact repository manager that stores and manages binary artifacts used in ...

Keith Lee 9min
LEARN MORE
Penetration Testing Vulnerability Cybersecurity advisory

Why Pentesting Still Matters: Exploiting CVE-2024-36991 in Splunk Enterprise

During one of our recent penetration tests, we discovered a critical vulnerability in Splunk Enterprise that automated security scanners like Nessus missed. This article underscores why manual ...

Keith Lee 10min
LEARN MORE
Penetration Testing Cybersecurity

Penelope, powerful and simple to use shell handler

We are proud to announce Penelope, a powerful and user-friendly shell handler tool created by Christodoulos Lamprinos. Penelope is designed to streamline the process of handling reverse shells and ...

Carlos Marquez 4min
LEARN MORE
Subscribe

Join our community, subscribe to our blog

SUBSCRIBE
Penetration Testing Vulnerability Cybersecurity

Dude! It's just a printer!

A few months ago, during an internal infrastructure penetration test, the network printers played a very important role in the assessment. What initially looked like a not-so-important low severity ...

Giuliano Fasto 19min
LEARN MORE

Advanced Offensive Operations

Recent cybersecurity breaches demonstrate that solely relying on Penetration Testing when evaluating an organisation's cybersecurity posture is a thing of the past. OrionX offers the most comprehensive security services to stop adversaries disrupting your business. 

DOWNLOAD BROCHURE

Join our Community

Subscribe to our blog and discover more about offensive tactics, techniques and procedures.