Introduction to Cross-Site Scripting
Introduction to Cross-Site Scripting

This video covers the basics of cross-site scripting, including reflected, stored, and DOM-based XSS as[…]

Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156
Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156

Nagios is open-source network and system monitoring software. Raxis’ Matt Dunn has discovered a cross-site[…]

Cookie Jar
Keep Your Cookies in the Cookie Jar: HttpOnly and Secure Flags

How can cookies be used against you? And how do you keep that from happening?[…]

Scottie in 2004 on Navarre Beach in the wake of the Hurricane Ivan
Hurricane Ida: Limiting the Damage

Lead penetration tester Scottie Cole is a Gulf Coast resident and former first responder. Read[…]

PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)
PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)

Raxis lead penetration tester Matt Dunn uncovers a new vulnerability in the PRTG Network Monitor[…]

Screaming person with smartphone
Don’t Take the Smishbait

Unwanted text messages are annoying, but some also hide malicious links. Here are some ways[…]

JavaScript Execution to Display User's Cookie in an Alert Box
ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability (CVE-2021-31813)

Raxis’ lead penetration tester Matt Dunn has discovered another ManangeEngine cross-site scripting (XSS) vulnerability, this[…]

Two people at laptops sending data at each other
Why Mutual Assured Destruction is an Incomplete Cyber Defense Strategy

Is the threat of full-scale retaliation enough to prevent large-scale cyberattacks? Raxis’ COO Bonnie Smyre,[…]

.be .wa .re .sc .am .me .rs
A High-Tech Take on an Old-Time Scam

Don’t fall prey to scammers trying to convince you that your domain name is about[…]

SonicWall
SonicWall Patches Three Zero-Day Vulnerabilities

Cybersecurity company SonicWall has released patches for three zero-day vulnerabilities that are currently being exploited.

Emblem of the Foreign Intelligence Service of the Russian Federation
NSA, FBI, CISA Statement on Russian SVR Activity

The US government is warning businesses to beware of vulnerabilities being exploited by the Russian[…]

Remediating Account Enumeration Vulnerabilities
Remediating Account Enumeration Vulnerabilities

Account enumeration reveals to an attacker whether or not he or she has valid user[…]