Exploits

Discover expert insights on the latest exploits, penetration testing tactics, and real-world vulnerabilities to strengthen your cybersecurity defenses.

the exploit blog logo
The Exploit: Penetration Testing Insights From The Frontlines

Articles Categorized as Exploits

  • Bypassing a WAF and a CSP with Google Tag Manager: An Attacker’s Perspective and Remediation Advice
    Bypassing a WAF and a CSP with Google Tag Manager: An Attacker’s Perspective and Remediation Advice
    Ryan Chaplin takes an in-depth look at how attackers can use unsafe directives to bypass CSP, notably in Google Tag Manager, and how to remediate the issue.
    Read More
  • CVE-2025-59886 Eaton Exploit Code Published
    CVE-2025-59886 Eaton Exploit Code Published
    With exploit code available for the vulnerabilities in Eaton’s xComfort Ethernet Communication Interface, Jason Taylor recommends replacing or isolating.
    Read More
  • Publicly Accessible Database Discovered Hosting 149 Million Credentials
    Publicly Accessible Database Discovered Hosting 149 Million Credentials
    Andrew Trexler looks at a recently discovered public database of stolen usernames and passwords and what you can do now to protect your access and information.
    Read More
  • The Growing Threat: Attackers Using GitHub Repositories as Malware Staging Mechanisms
    The Growing Threat: Attackers Using GitHub Repositories as Malware Staging Mechanisms
    Recent attacks, including GitVenom and Lumma Stealer, underscore the threat of Attackers using GitHub repositories as malware staging mechanisms.
    Read More
  • CVE‑2020‑12812 and Why It’s Still an Issue Five Years Later
    CVE‑2020‑12812 and Why It’s Still an Issue Five Years Later
    Principal Penetration Tester Scottie Cole explains why Fortinet released a new security advisory about CVE‑2020‑12812 and what your organization should check.
    Read More
  • Data Theft Exploit: DNS Exfiltration Attack
    Data Theft Exploit Part 2: DNS Exfiltration Attack
    Raxis’ Jason Taylor is back with a detailed tutorial on performing both manual and automated DNS exfiltration attacks for pentesting.
    Read More