Raxis Research Team

The Raxis Research Team is dedicated to staying ahead of the threat landscape. Our experts dig into emerging exploits, uncover hidden vulnerabilities, and develop resources that power our penetration testing engagements. By combining curiosity with technical precision, the team equips Raxis testers with cutting-edge intelligence to simulate real-world attacks and strengthen client defenses.

the exploit blog logo
The Exploit: Penetration Testing Insights From The Frontlines

The Exploit articles written by Raxis Research Team

  • Cross-Site Scripting (XSS): Cookie Theft - Advanced Payloads
    , ,

    Cross-Site Scripting (XSS): Cookie Theft – Advanced Payloads

     By Raxis Research Team We reached into our vaults to bring you the final video in our cross-site scripting (XSS) series. Learn about cookie theft, website defacement, and CSRF attacks. December 18, 2025
  • OWASP Top 10
    ,

    OWASP Top 10 for 2025: What’s New in Web Application Security

     By Raxis Research Team The OWASP Top 10 2025 for web applications release candidate was released last week. Take a look at which categories have moved as well as one new category. November 20, 2025
  • CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection

    CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection

     By Raxis Research Team This CSS vulnerability, discovered by Raxis’ Matt Mathur, lies in a device’s properties and how they are verified and displayed within PRTG Network Monitor. October 21, 2022
  • CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References

    CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References

     By Raxis Research Team Raxis lead penetration tester Matt Dunn uncovers two more ManageEngine vulnerabilities (CVE-2022-26653 & CVE-2022-26777). July 21, 2022
  • CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)

    CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)

     By Raxis Research Team Matt Dunn discovers another ManageEngine Cross-Site Scripting vulnerability, this one in the Support Center Plus application. July 6, 2022
  • Members of the Pensacola Catholic High School “Crubotics” team with their ROV.

    Raxis Supports Pensacola ROV Team

     By Raxis Research Team Raxis is proud to sponsor the Pensacola Catholic High School “Crubotics” robotics team. Its members will compete in June 2022’s World Championships in Long Beach, California. The event is part the MATE ROV competioton June 16, 2022