The Exploit Blog | Penetration Testing & Cybersecurity Insights by Raxis

Discover the Art of Penetration Testing

The Exploit is Raxis’ cybersecurity blog where our penetration testers and red team experts share real-world insights, attack techniques, and strategies to strengthen defenses against evolving threats. We feature expert advice, detailed breakdowns of exploits, and practical guidance to help organizations understand and respond to today’s most pressing security challenges.

AI | Exploits | In The News | Patching | Security Recommendations

BeyondTrust RCE Vulnerability Exploited: Critical 9.9 CVSS Flaw Under Active Attack

By Ryan Chaplin

Posted in AI, Exploits, In The News, Patching, Security Recommendations

While BeyondTrust patched cloud-hosted Remote Support customers earlier this month, on-premises deployments of BeyondTrust must manually patch to remediate.

How To | Injection Attacks | Security Recommendations | Web Apps

Bypassing a WAF and a CSP with Google Tag Manager: An Attacker’s Perspective and Remediation Advice

By Ryan Chaplin

Posted in How To, Injection Attacks, Security Recommendations, Web Apps

Ryan Chaplin takes an in-depth look at how attackers can use unsafe directives to bypass CSP, notably in Google Tag Manager, and how to remediate the issue.

Exploits | In The News | Patching | Security Recommendations

CVE-2025-59886 Eaton Exploit Code Published

By Jason Taylor

Posted in Exploits, In The News, Patching, Security Recommendations

With exploit code available for the vulnerabilities in Eaton’s xComfort Ethernet Communication Interface, Jason Taylor recommends replacing or isolating.

In The News | Password Cracking | Security Recommendations

Publicly Accessible Database Discovered Hosting 149 Million Credentials

By Andrew Trexler

Posted in In The News, Password Cracking, Security Recommendations

Andrew Trexler looks at a recently discovered public database of stolen usernames and passwords and what you can do now to protect your access and information.

How To | Red Team |

PSE & Red Team Series: Social Engineering

By Nathan Anderson

Posted in How To, Red Team,

Lead Penetration Tester Nathan Anderson is back with more PSE and red team tips, including tailgating, impersonating, and pretexts to gain onsite access.

Search The Exploit

Stay up to date with the latest in penetration testing

Name(Required)

First Last

Email(Required)

Newsletter(Required)

Do you wish to join our newsletter? We send out emails once a month that cover the latest in cybersecurity news. We do not sell your information to other parties.

Yes! Please send me Popped Culture, the Raxis Newsletter.

Cybersecurity Insights From The Frontlines