Talent Finder connects certified cybersecurity professionals with companies that value proven skill. It’s a smarter way to hire and get hired. The post Talent Finder: The Smarter Way to Hire and Get Hired appeared first on OffSec. This article has…
Tag: OffSec
Get Noticed: 5 Cybersecurity Job Hunt Tips
If you’ve already set your heart on your chosen career path, you might understand that getting noticed by the right employer isn’t always straightforward. When we speak with OffSec learners, many will say that getting the first job is the…
CVE-2025-30208 – Vite Arbitrary File Read via @fs Path Traversal Bypass
Discover CVE-2025-30208, a critical arbitrary file read vulnerability in the Vite development server. Learn how remote attackers exploit @fs URL handling to access sensitive files. The post CVE-2025-30208 – Vite Arbitrary File Read via @fs Path Traversal Bypass appeared first…
CVE-2025-27136 – LocalS3 CreateBucketConfiguration Endpoint XXE Injection
Discover how CVE-2025-27136, a critical XXE vulnerability in LocalS3’s CreateBucketConfiguration endpoint, can be exploited to access sensitive files. Learn how the flaw works and how to mitigate it. The post CVE-2025-27136 – LocalS3 CreateBucketConfiguration Endpoint XXE Injection appeared first on…
How OffSec Certifications Help You Hire With Confidence
Hire cyber talent with confidence: OffSec certifications prove candidates can perform under pressure, not just talk the talk. The post How OffSec Certifications Help You Hire With Confidence appeared first on OffSec. This article has been indexed from OffSec Read…
CVE-2024-12029 – InvokeAI Deserialization of Untrusted Data vulnerability
CVE-2024-12029: A critical deserialization vulnerability in InvokeAI’s /api/v2/models/install endpoint allows remote code execution via malicious model files. Exploit risk for AI art servers. The post CVE-2024-12029 – InvokeAI Deserialization of Untrusted Data vulnerability appeared first on OffSec. This article has…
What is Phishing? Introduction to Phishing Demo (for Beginners)
Learn how phishing attacks work and how to spot them. Watch OffSec’s animated video to protect yourself from scams, spoofed sites, and social engineering. The post What is Phishing? Introduction to Phishing Demo (for Beginners) appeared first on OffSec. This…
CVE-2025-27636 – Remote Code Execution in Apache Camel via Case-Sensitive Header Filtering Bypass
Discover the critical Apache Camel vulnerability (CVE-2025-27636) that allows remote code execution via case-sensitive HTTP header manipulation in the exec component. Learn how attackers exploit this flaw and how to mitigate it. The post CVE-2025-27636 – Remote Code Execution in…
CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php
Discover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project ≤ 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells. The post CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php…
What It Really Means to “Try Harder”
Discover how OffSec’s “Try Harder” mantra evolved into a mindset, and how it helps learners build grit, creativity, and real-world problem-solving skills. The post What It Really Means to “Try Harder” appeared first on OffSec. This article has been indexed…