The Growing Threat: Attackers Using GitHub Repositories as Malware Staging Mechanisms
Recent attacks, including GitVenom and Lumma Stealer, underscore the threat of Attackers using GitHub repositories as malware staging mechanisms.
Discover the Art of Penetration Testing
The Exploit is Raxis’ cybersecurity blog where penetration testers and red team experts share real-world insights, attack techniques, and strategies to strengthen defenses against evolving threats. We feature expert advice, detailed breakdowns of exploits, and practical guidance to help organizations understand and respond to today’s most pressing security challenges.
CVE‑2020‑12812 and Why It’s Still an Issue Five Years Later
Principal Penetration Tester Scottie Cole explains why Fortinet released a new security advisory about CVE‑2020‑12812 and what your organization should check.
Data Theft Exploit Part 2: DNS Exfiltration Attack
Raxis’ Jason Taylor is back with a detailed tutorial on performing both manual and automated DNS exfiltration attacks for pentesting.
Why 8-Character Passwords Are No Longer Enough: Lessons from the Raxis Password Cracker
With the start of 2026, the Raxis team is already busy. A new upgrade to our password-cracking system shows how quickly 8-character passwords can be cracked.
The Future of Security: Why AI-Augmented Penetration Testing Is the Way Forward
Raxis CEO Mark Puckett looks back at a year of many changes and forward to the ways AI-augmented pentesting is changing the industry.
Cross-Site Scripting (XSS): Cookie Theft – Advanced Payloads
We reached into our vaults to bring you the final video in our cross-site scripting (XSS) series. Learn about cookie theft, website defacement, and CSRF attacks.
Data Theft Exploit Part 1: DNS Exfiltration Setup
Raxis Lead Penetration Tester Jason Taylor’s in-depth tutorial explains setting up a server for DNS exfiltration. Check back next month to run the attack.
Autonomous Supply-Chain Worm Compromises Postman, PostHog, Zapier, and 26k Others
Operating fully autonomously, this new supply-chain malware has compromised Postman, PostHog, Zapier and 26k others. Learn what your organization should do now.
The Role of AI in Penetration Testing
Bonnie Smyre shows how Raxis’ AI-augmented pentesting gives their expert pentesters more time for complex chained attacks and discovery of business-logic flaws.
CrowdStrike Fires Insider Who Shared Screens Externally
Though hacker groups claimed to have access to internal systems, CrowdStrike announced they fired an insider who shared external screens with the attackers.
Blog Categories
- AI
- Careers
- Choosing a Penetration Testing Company
- Exploits
- How To
- In The News
- Injection Attacks
- Just For Fun
- Meet Our Team
- Mobile Apps
- Networks
- Password Cracking
- Patching
- Penetration Testing
- Phishing
- PTaaS
- Raxis In The Community
- Red Team
- Security Recommendations
- Social Engineering
- Tips For Everyone
- Web Apps
- What People Are Saying
- Wireless