Security research
Here’s where our security researchers analyze and share insights about the latest vulnerabilities, providing details on how they work, or how to exploit them.

cPanel - The valid, the suspect, and the 3rd party (Part 1)
Ever wondered what you can still do with 25-year-old code in a modern hosting environment? PTT-2025-021 was quite the journey! Unpack this critical RCE we discovered and disclosed, which lets you bypass restricted environments like cPanel's jailshell. In part 1 of 3, we break down how an unsafe Perl "open" function became our ticket to a reverse shell - and how the exploit works.

A comprehensive deep dive into React2Shell (CVE-2025-55182)
React2Shell (CVE-2025-55182) is a CVSS 10.0, pre-auth remote code execution flaw in the React Server Components Flight protocol. This deep dive maps affected React and Next.js versions, explains the deterministic exploit chain, summarizes in-the-wild abuse, and lays out detection, mitigation, and validation steps you can apply in real environments.

How we built an exploit for SessionReaper, CVE-2025-54236 in Magento 2 & Adobe Commerce
Here's how we weaponized SessionReaper (CVE-2025-54236) against Magento 2, chaining ServiceInputProcessor quirks and a session proxy setter to forge customer sessions and hijack accounts. Our lab-tested PoC exposes attack surface, a possible preauth RCE, and an automated exploit - a practical walkthrough for researchers who like coffee strong and bugs reliable.

What is CVE-2024-6387? Understand RegreSSHion, the OpenSSH vulnerability
CVE-2024-6387, aka regreSSHion, is a new critical vulnerability affecting OpenSSH which remote, unauthenticated attackers can use to execute remote code. But there's more to this CVE than meets the eye.

How these vulnerabilities pushed offensive security forward
Not all vulnerabilities are alike. Some are true game-changers, uncovering new possibilities, and more layers of complexity to explore. Let’s look at what five of the most notorious vulnerabilities from the past decade taught us - and how they shaped the infosec community.

Benchmarking our Website Vulnerability Scanner and 5 others
In February 2024, we set out to compare our Website Vulnerability Scanner against some of the established names in Dynamic Web Application Security Testing, both commercial and open-source: Burp Scanner, Acunetix, Qualys, Rapid7 InsightAppSec, and ZAP.

Benchmarking our Network Vulnerability Scanner and 6 others
In January 2024, we decided to evaluate the most used network vulnerability scanners - Nessus Professional, Qualys, Rapid7 Nexpose, Nuclei, OpenVAS, and Nmap vulnerability scripts - including our own, which industry peers can validate independently. Here’s why we did it, what results we got, and how you can verify them (there’s a white paper you can download with access to all the results behind this benchmark).