OWASP Top 10 for 2025: What’s New in Web Application Security
The OWASP Top 10 2025 for web applications release candidate was released last week. Take a look at which categories have moved as well as one new category.
Discover the Art of Penetration Testing
The Exploit is Raxis’ cybersecurity blog where penetration testers and red team experts share real-world insights, attack techniques, and strategies to strengthen defenses against evolving threats. We feature expert advice, detailed breakdowns of exploits, and practical guidance to help organizations understand and respond to today’s most pressing security challenges.
Wireless Encryption: WPA3 and the Gotchas Every Company Should Know About
Brian Tant takes a look at WPA3. While offering much deeper security than WPA2, it is still vulnerable to transition Mode and side-channel attacks.
AI-Augmented Series: LLM-Aided Enumeration for Dormant WordPress Account Discovery
Ryan Chaplin leads off our Augmented-AI series with a scenario from a recent pentest using AI to write a script to discover an account to gain system access.
The @ctrl/tinycolor NPM Attack: The Brutal Anatomy of a Cascading Supply Chain Breach
Over 40 major packages were exploited in this malware campaign. Learn what happened and what your organization should do if you have been affected.
Why We Don’t Change Risk Ratings on Pentest Findings (Even When You Ask Nicely)
Raxis’ Tim Semchenko explains why we can’t lower risk ratings for your penetration test findings just because you ask and why that’s a good thing.
PSE & Red Team Series: Badge Cloning
Lead Penetration Tester Nathan Anderson is back with more PSE and red team advice, this time looking into three tools he uses to clone badges and gain access.
Windows Kills Common Offline/Account-less Install Method
Microsoft Windows recently announced the removal of local-only installs on Windows 11. Raxis’ Ryan Chaplin looks at concerns and possible options.
Salesforce Compromise: What You Need to Know
The FBI has released information to help organizations that are affected by recent attacks against Salesforce. Raxis’ Jason Taylor sums up next steps here.
SpamGPT: Protecting Your Company From Large-Scale Phishing
SpamGPT, a complex phishing and social engineering suite has made the news recently. Learn what it is and how organizations can protect their employees.
Cool Tools Series: Kerbrute
Raxis Principal Penetration Tester Andrew Trexler walks through the many uses of Kerbrute from user enumeration to brute-forcing and password spraying.
Microsoft Copilot Coming Soon to a Desktop Near You
With Microsoft automatically installing Copilot on Windows systems with Microsoft 365 desktop apps installed, organizations will want to set up AI policies.
Blog Categories
- AI
- Blog
- Careers
- Choosing a Penetration Testing Company
- Exploits
- How To
- In The News
- Injection Attacks
- Just For Fun
- Meet Our Team
- Mobile Apps
- Networks
- Password Cracking
- Patching
- Penetration Testing
- Phishing
- PTaaS
- Raxis In The Community
- Red Team
- Security Recommendations
- Social Engineering
- Tips For Everyone
- Web Apps
- What People Are Saying
- Wireless