Blog
Stay updated with the latest offensive security news, knowledge, and resources.
Featured
Follow a vulnerability researcher’s deep dive into FFmpeg’s LADSPA plugin loader and the discovery of CVE-2025-60616 — a logic flaw in how environment variables are trusted. Learn how this vulnerability enables code execution, why fuzzing missed it, and how proper validation and process isolation can prevent similar exploits.
Latest Resources
Comcast Business Cybersecurity Threat Report analyzed events, revealing how attackers are shifting tactics and accelerating the pace at which exposures become exploitable. We will expand on four of the threats that keep showing up in breach postmortems, how they work in reality, and what organizations should do about them.
In today's episode, Casey addresses what makes hybrid pentesting so powerful.
Preparing for a penetration test? This checklist will inform you on what to expect and what steps you should take to get the most out of your organization’s upcoming pentest.
Security teams often treat all scanning activity as malicious, but Andrew Morris, Founder & Chief Architect at GreyNoise Intelligence, warns this approach actually creates more noise than signal in threat detection.
Find the right pentesting vendor with this quick guide—key tips, questions, and a link to our full Medium resource.
Traditional security testing gives you snapshots. Expert-driven platforms give you the complete picture. In this tactical episode, Casey explains how the right approach delivers continuous visibility: