Hello again from Immersive HQ where we hope you all had a fantastic July. Looking for something to do on these long Summer evenings? Why not join us in Bristol on 14th August for our next meetup?
This month we excited to welcome ex-hacker Glenn Wilkinson who will take us inside the hacker’s world to reveal how attackers think, and what the rest of us can learn from it.
🏆 The Human Connection Challenge
Congratulations once again to the winners of season 1 of the Season 1 Finale Prize Draw.
A number of you have asked for a leaderboard for the whole of the season, so we’ve crunched the numbers and come up with this:
🥇 First to Finish
steven was the first to finish 6 of the 7 labs!
⏱️ Fastest to Complete
onkelstony was the fastest to complete all 7 labs in just 15 hours
🎯 Most Accurate
Xat had an average accuracy of 96.1% across all 7 labs
💪 Most Persistent
barney completed all 7 labs in 14 attempts.
Congratulations to everyone who took part. New challenges will be available very soon!
📰 Community Updates
Here are some of my favourite community articles from the last month:
Vibe coding your way to a ZAP MCP server - RobertKlentzeris shared his adventures in "vibe coding" to create a ZAP Model Context Protocol (MCP) server, demonstrating how AI can leverage existing SDKs to build new tools and highlighting the potential and challenges of this new coding paradigm.
The secret to hosting an engaging Crisis Sim - TomBoyle shared practical advice on how to keep participants engaged and ensure the effectiveness of virtual crisis simulation sessions.
CVE-2025-53770 - Unauthenticated Remote Code Execution via unsafe deserialization in Microsoft SharePoint Server In this blog, AmarKhan detailed his research journey to understand and weaponize the CVE-2025-53770 vulnerability, an unauthenticated remote code execution exploit in Microsoft SharePoint Server leveraging unsafe deserialization, by overcoming challenges in lab setup and payload analysis.
We also hosted a community webinar on this topic, you can watch the recording here.
🛡️ Container 7 Updates
Container 7 is the new home for our team of cyber security experts to post about their research, insights, and the latest threats and vulnerabilities that you need to know about.
Patch Newsday July 2025 - As per usual, the Container 7 team have reviewed the latest Microsoft patches so that you don't have to.
Weaponizing LLMs: Bypassing Email Security Products via Indirect Prompt Injection Ben McCarthy explains how Large Language Models can be exploited through hidden instructions in emails to reconstruct and present malicious links, thereby circumventing conventional email security products.
Our Container 7 Team will be at Blackhat and DEFCON later this week. Keep an eye on the blog for their daily updates or say “Hi” if you see them there.
🙌 Special Shout Outs
Please join me in thanking this month's most helpful members in our Help & Support Forum.
|
1. | |
|
2. | |
|
3. | |
|
4. | |
|
5. |
If you'd like to see your name here one day, head on over to the forum and answer a question.
🔮 Looking Forward
Feeling lost without the Human Connection Challenge? Hit a dead end on your cybersecurity upskilling journey? Fear not, we have some a-maze-ing new challenge labs coming very soon 🌽
As always, we want to hear from you! Please give us your feedback on your community experience and let us know what else you'd like to see.
See you in the community soon!
Kieran
Community Manager