Emerging React and Next.js vulnerabilities (CVE-2025-55182, CVE-2025-66478): what Sprocket Security is seeing, current detection coverage, and guidance for teams.
Keep up to date with the latest offensive security news, knowledge, and resources.
AI isn't creating new cyberattacks. It's making existing ones faster and more scalable. Learn what Anthropic's research really reveals about AI-enabled threats and how organizations can prepare.
What being a hacker really means—no title required. After a decade in offensive security, Nate Fair shares honest lessons on hacking.
In this series, the service delivery team writes about an outstanding talk they saw at a conference and about implementing those lessons at scale.
Bypass WAFs with gigaproxy: an HTTP proxy that rotates IPs using mitmproxy, AWS API Gateway, and Lambda. Read the blog to learn more.
During the past few assessments, Sprocket has encountered improperly configured instances of Lucee 5 and 4. This blog post will detail a straightforward method to execute remote code after acquiring administrative access to a Lucee login panel.