Blogs

The vulnerability stems from the way sudo handles its --chroot (or -R) option, allowing attackers to load arbitrary shared libraries as root if they can control the chroot environment. To be clear:...

Today marks the release of the Maze Challenge, Immersive’s most advanced and cunningly designed offensive cybersecurity collection yet. This new series of labs is more than just a test of skills. I...

Throughout early August 2025, representatives from Immersive's cyber team attended the BlackHat 2025 and DefCon 33 conferences and got great exposure to the latest technologies, topics, and technique...

Pvotal Technologies published a write-up for a vulnerability in Docker Engine, given a CVSS score of 9.3. CVE-2025-9074 is a flaw in Docker Desktop that exposes the Docker Engine API to any container...

In this blog, I share my perspective as a cyber resilience advisor, exploring how SANS equipped its team to design and deliver exercises based on real-world incidents. What started as a one-time ev...

We are thrilled to announce the official launch of the Immersive Advocacy Program, an exclusive initiative designed to recognise and reward our most engaged community members and Immersive platform u...

Scattered Spider has continuously been a threat to many of our customers, and one of the reasons is that they have techniques and tactics that can affect all members of an organization. From their ...

When running a cyber drill, it’s useful to have a consistent and cohesive sense of the story throughout. The use of branding and rich media (videos and audio related to the theme) can engage particip...

The changing world To understand where we're going, you first need to grasp the sheer scale of what's happening now. The May 2025 report on Artificial Intelligence Trends by Mary Meeker and Bond Ca...

This year, as in previous years, the Immersive Container 7 team arrived to attend briefings, talk to vendors, and get a glimpse into the state of security – or at least, how the vendors and researche...

Key Objectives of the Email Generate Excitement: Make employees want to participate. Clearly State Benefits: What's in it for them? Provide Clear Next Steps: How do they get started? Assure...

I recently had the pleasure of attending a unique and highly engaging cyber drill in the heart of London, right next to the iconic Tower of London and Tower Bridge. These landmarks always leave me in...

In 2025, the cybersecurity landscape isn’t just evolving – it’s accelerating. State-backed cyberattacks, geopolitical tensions, and a fragmented regulatory environment have placed cyber resilience sq...

Understanding the RCE On July 22, 2025, Immersive’s threat research team was trying to understand how the SharePoint zero-day vulnerability was uncovered, based on Eye Security’s initial artic...

Recently, a critical zero-day vulnerability affecting on-premise SharePoint servers, identified as CVE-2025-53770, was uncovered. This vulnerability allows for authentication bypass, leading to remot...

Cyber threats have become a pervasive force within the business world, elevating the need for regular cyber resilience exercises into an organization-wide imperative.  Genuine resilience is about m...

Before I start, it’s important to take a moment to acknowledge that I’m privileged to work with some fantastic experts.  Immersive’s Crisis Sim lead, JonPaulGabriele​, is our very own Daedalus, for...

“The best customer feedback we got was, we don’t need you to do everything for us.”  Rebecca: Wait, seriously?  Matt: Never more so. We built Lab Builder, a powerful Immersive One platform ...

Why Prompting Matters for Crisis Simulations Think of AI as a highly intelligent, but literal, assistant. The quality of its output directly reflects the clarity and specificity of your instruction...