The Security blog

Vulnerability Cybersecurity Hack Advisories CVE Security research

CVE-2025-54309: From Authentication Bypass to Remote Command Execution in CrushFTP

Introduction Following the recent release of a proof-of-concept (PoC) by watchTowr Labs, derived from honeypot observations, we have elected to disclose our own independent research into this ...

Keith Lee 12min

LEARN MORE

Penetration Testing Vulnerability Cybersecurity advisory

Why Pentesting Still Matters: Exploiting CVE-2024-36991 in Splunk Enterprise

During one of our recent penetration tests, we discovered a critical vulnerability in Splunk Enterprise that automated security scanners like Nessus missed. This article underscores why manual ...

Keith Lee 10min

LEARN MORE

Vulnerability advisory

SQL Injection in Oracle WebCenter Content Server CVE-2022-21552

FGX2022-001: Foregenix OrionX Security Advisory CVE: CVE-2022-21552 CVSSv3.1 Base Score: 7.2 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N Version: 1.0 Vendor: Oracle Product: WebCenter ...

Zacharias Pigadas 4min

LEARN MORE

Penetration Testing Vulnerability Cybersecurity

Dude! It's just a printer!

A few months ago, during an internal infrastructure penetration test, the network printers played a very important role in the assessment. What initially looked like a not-so-important low severity ...

Giuliano Fasto 19min

LEARN MORE

Join our community, subscribe to our blog

Advanced Offensive Operations

Recent cybersecurity breaches demonstrate that solely relying on Penetration Testing when evaluating an organisation's cybersecurity posture is a thing of the past. OrionX offers the most comprehensive security services to stop adversaries disrupting your business.

DOWNLOAD BROCHURE

Join our Community

Subscribe to our blog and discover more about offensive tactics, techniques and procedures.