Vulnerability Briefings training courses
Networking, Systems & Security

Vulnerability Briefings

Deep dives into real-world CVEs and exploits — impact analysis, technical walkthroughs and remediation guidance.

30 courses Advanced

Advanced

30 courses

Apache Commons Text Vulnerability: What You Should Know

Because the library is freely available, widely trusted, and saves developers from writing boilerplate text-processing code, it has been incorporated into a very large number of Java-base...

Advanced

Atlassian Vulnerability: What You Should Know

This document covers a group of critical advisories describing a series of Remote Code Execution (RCE) vulnerabilities in Atlassian products. The vulnerabilities span multiple products —...

Advanced

Authentication Bypass at the Security Edge: What You Should Know

Once all required configuration changes were made, attackers established SSL VPN tunnels to the affected devices using the newly created or hijacked accounts.

Advanced

Next.js Authentication Bypass Vulnerability: What You Should Know

Next.js is a React-based web development framework created and maintained by Vercel. It is widely used to build fast, scalable, and SEO-friendly web applications.

Advanced

Breaking! React & Next.js Hit by CVSS 10.0 Bug

Every so often, a vulnerability drops that cuts through the noise — not because of the hype, but because it touches a large part of the modern web stack. CVE-2025-55182 is one of those.

Advanced

ConnectWise ScreenConnect Vulnerability - What You Should Know

Critical security advisory covering CVE-2024-1709 (CVSS 10.0) and CVE-2024-1708 (CVSS 8.4) — authentication bypass and path traversal vulnerabilities in ConnectWise ScreenConnect.

Advanced

Critical Code Injection in Ivanti EPMM: Breaking News

CVE-2026-1281 (and its close relative, CVE-2026-1340) demonstrate how a single unauthenticated code injection flaw in a mobile device management platform can translate into full-server co...

Advanced

CVE-2025-32711: Microsoft 365 Copilot EchoLeak Zero-Click AI Vulnerability

EchoLeak (CVE-2025-32711) demonstrates a new class of vulnerability unique to AI assistants deeply integrated with organizational data: indirect prompt injection combined with a scope-val...

Advanced

Ivanti Avalanche Vulnerability: What You Should Know

The December 20th Ivanti Avalanche advisory disclosed 22 CVEs, 12 of them rated 9.8 (Critical) and the remainder rated High, all rooted in stack-based buffer overflow vulnerabilities capa...

Advanced

Ivanti Connect Secure VPN CVE

Two vulnerabilities disclosed together for Ivanti Connect Secure and Ivanti Policy Secure — CVE-2023-46805 (authentication bypass, CVSS 8.2) and CVE-2024-21887 (command injection, CVSS 9....

Advanced

Kubernetes on Windows Vulnerability: What You Should Know

This vulnerability is an insufficient input sanitization flaw in how the kubelet service validates the volume.subPath field when processing pod configuration on Windows nodes in a Kuberne...

Advanced

Log4j Exploit: A Technical Deep Dive

Log4Shell (rooted in CVE-2021-44228, with follow-on fixes across CVE-2021-45046 and CVE-2021-45105) demonstrated how a single logging-library feature — automatic JNDI lookup evaluation in...

Advanced

Log4j Vulnerability Lab: Video Walkthrough

log4j · vulnerability · video · walkthrough · briefings · networking · systems · security · ldap · server · setting · shell · detections · exploitation · malicious · network · payload · p...

Advanced

Log4j Vulnerability: What You Should Know

Log4Shell demonstrated how a single flaw in a nearly ubiquitous, trusted open-source logging library could put a massive share of the internet's applications, cloud services, and even IoT...

Advanced

Microsoft Outlook Elevation of Privilege Vulnerability: What You Should Know

This vulnerability represents a critical, zero-click credential-theft technique against Microsoft Outlook. By embedding a malicious UNC path in a calendar reminder's sound-notification pr...

Advanced

MOVEit Vulnerability: What You Should Know

The MOVEit Transfer vulnerabilities represent a textbook case of a critical, unauthenticated SQL injection flaw in a widely deployed, internet-facing managed file transfer application bei...

Advanced

OpenPrinting CUPS Remote Code Execution: What You Should Know

This exploit chain in the OpenPrinting CUPS ecosystem combines four separate vulnerabilities — a network-exposure flaw in cups-browsed, unsanitized-attribute flaws in libcupsfilters and l...

Advanced

OpenSSH RCE Vulnerability: What You Should Know

The regreSSHion vulnerability (CVE-2024-6387) is a signal handler race condition in OpenSSH's sshd daemon, triggered when a client fails to authenticate within the configured login grace...

Advanced

Palo Alto PAN-OS RCE Vulnerability: What You Should Know

This briefing covered a critical, actively exploited zero-day command injection vulnerability affecting the GlobalProtect VPN gateway feature of Palo Alto Networks' PAN-OS firewall software.

Advanced

RCE in NGINX on Kubernetes: What You Should Know

All four stem from insufficient sanitization of user-controllable input — either ingress annotation values or admission review requests — that the ingress controller passes through into i...

Advanced

Remote Code Execution in Apache Tomcat: What You Should Know

CVE-2025-24813 is a Critical (CVSS 9.8), unauthenticated, remotely exploitable vulnerability in Apache Tomcat, driven by insufficient file name normalization during partial PUT request ha...

Advanced

Remote Code Execution in Erlang: What You Should Know

CVE-2025-32433 is a maximum-severity (CVSS 10.0), unauthenticated, pre-authentication remote code execution vulnerability in the SSH daemon bundled with Erlang/OTP. The flaw stems from in...

Advanced

TorchServe Vulnerabilities: What You Should Know

Security researchers at Oligo Security identified a set of vulnerabilities in TorchServe that, when chained together, allow an attacker to achieve unauthenticated remote code execution. T...

Advanced

VMware ESXi Vulnerability: What You Should Know

This vulnerability affects the VMware ESXi hypervisor and, when exploited, can impact every virtual machine hosted on the affected server — including business-critical systems such as Act...

Advanced

Windows Kerberos Vulnerability: What You Should Know

CVE-2024-43639 is a critical (CVSS 9.8, temporal 8.5) remote code execution vulnerability rooted in a cryptographic flaw (CWE-197: Numeric Truncation Error) in how Windows handles Kerbero...

Advanced

Windows TCP/IP Remote Code Execution Vulnerability: What You Should Know

CVE-2024-38063 is a critical (CVSS 9.8), zero-click, wormable remote code execution vulnerability in the IPv6 implementation of the Windows TCP/IP stack (tcpip.sys), patched during Micros...

Advanced

Windows Update Remote Code Execution Vulnerability: What You Should Know

As part of September 2024's Patch Tuesday release, Microsoft disclosed CVE-2024-43491, a Windows Update Remote Code Execution vulnerability. The advisory was notable not because it introd...

Advanced

XZ Utils Backdoor: A Supply Chain Attack You Should Know About

The XZ Utils backdoor is a supply chain vulnerability — more precisely, a supply-chain-injected vulnerability — planted directly inside the open source project itself. Over a series of co...

Advanced

Zero-Days in Microsoft Hyper-V: What You Should Know

Microsoft's January Patch Tuesday release addressed the largest number of CVEs in a single month since 2017, with 162 vulnerabilities patched in total. This surpassed the previous record...

Advanced

Zero-Days in VMware: What You Should Know

Broadcom's March 4 security advisory disclosed three zero-day vulnerabilities affecting core VMware virtualization products — ESX, Workstation, and Fusion, along with any products that bu...

Advanced

Interested in Vulnerability Briefings?

Contact us to book a course or get a custom training plan for your team.