CVE‑2020‑12812 and Why It’s Still an Issue Five Years Later
Principal Penetration Tester Scottie Cole explains why Fortinet released a new security advisory about CVE‑2020‑12812 and what your organization should check.
-
-
Why 8-Character Passwords Are No Longer Enough: Lessons from the Raxis Password Cracker
With the start of 2026, the Raxis team is already busy. A new upgrade to our password-cracking system shows how quickly 8-character passwords can be cracked.
-
Autonomous Supply-Chain Worm Compromises Postman, PostHog, Zapier, and 26k Others
Operating fully autonomously, this new supply-chain malware has compromised Postman, PostHog, Zapier and 26k others. Learn what your organization should do now.
-
CrowdStrike Fires Insider Who Shared Screens Externally
Though hacker groups claimed to have access to internal systems, CrowdStrike announced they fired an insider who shared external screens with the attackers.
-
Raxis Chief Penetration Testing Officer Brian Tant Featured on WSB-TV Atlanta
When WSB-TV Atlanta reached out to for help warning about a scam targeting Atlanta residents in DeKalb County, Raxis CPTO Brian Tant jumped to help.
-
OWASP Top 10 for 2025: What’s New in Web Application Security
The OWASP Top 10 2025 for web applications release candidate was released last week. Take a look at which categories have moved as well as one new category.
-
The @ctrl/tinycolor NPM Attack: The Brutal Anatomy of a Cascading Supply Chain Breach
Over 40 major packages were exploited in this malware campaign. Learn what happened and what your organization should do if you have been affected.
-
Windows Kills Common Offline/Account-less Install Method
Microsoft Windows recently announced the removal of local-only installs on Windows 11. Raxis’ Ryan Chaplin looks at concerns and possible options.
-
Salesforce Compromise: What You Need to Know
The FBI has released information to help organizations that are affected by recent attacks against Salesforce. Raxis’ Jason Taylor sums up next steps here.
-
SpamGPT: Protecting Your Company From Large-Scale Phishing
SpamGPT, a complex phishing and social engineering suite has made the news recently. Learn what it is and how organizations can protect their employees.
-
Microsoft Copilot Coming Soon to a Desktop Near You
With Microsoft automatically installing Copilot on Windows systems with Microsoft 365 desktop apps installed, organizations will want to set up AI policies.
-
Lessons from the DaVita Healthcare Ransomware Attack
The DaVita ransomware attack is one of the most impactful recent healthcare breaches. Learn what happened and what could have been done to limit the impact.
