Nick Berrie

Blogs by Nick Berrie
Self-Propagating XSS: When Widget Frameworks Become Worm Vectors in Multi-Tenant Platforms

Discover how a self-propagating XSS worm exploits multi-tenant widget frameworks to autonomously spread across enterprise applications using legitimate API calls, bypassing CSP, evading audit trails, and surviving password changes.
Popping Printers: How Your MFPs Are Handing Attackers Domain Admin

Multifunction printers silently store domain credentials, expose unauthenticated management interfaces, and sit on flat networks. Learn how attackers exploit MFPs to achieve domain admin in minutes.
Hunting Secrets in JavaScript at Scale: How a Vite Misconfiguration Led to Full CI/CD Compromise

Sometimes when conducting a penetration test or red team engagement, you might want to extract password hashes or credentials of your target Windows user without using Mimikatz, to avoid detection. This is where you would resort to an NTLM downgrade attack. In this article we discuss how you can perform this...
CVE-2024-0692: Building the Exploit That Didn't Exist

A deep technical breakdown of CVE-2024-0692 and how Sprocket Security developed a working exploit for this high-severity SolarWinds SEM deserialization vulnerability, revealing real-world impact beyond scanner findings.
Emerging WatchGuard Vulnerability: What We Know About CVE-2025-14733

Explore what we know about the emerging WatchGuard CVE-2025-14733 vulnerability — unauthenticated RCE risk, active attacks, affected versions, and response steps.