Blogs

If you haven’t heard already, Model Context Protocol (MCP) is a new, standardised way that LLMs and AI agents can communicate with external tools. Lots of people in the AI community have been calling...

On June 30, 2025, the Stratascale Cyber Research Unit (CRU) team identified a critical local privilege escalation vulnerability in sudo, tracked as CVE-2025-32463. This vulnerability, related to sudo...

Time’s Up! Congratulations to everyone who completed Lab 5: Windows from the Human Connection Challenge: Season 1. In this walkthrough, I'll share some strategies for efficiently completing the lab...

The Human Edge Beyond Pentesting – Building True Cyber Resilience Pentest vs. Red Team: Understanding the Core Difference Many cybersecurity vendors are rebadging pentesting as attack simulations...

We have received reports of a cyber incident that occurred at the Lake Risevatnet Dam, near Svelgen, Norway, in April 2025. A threat actor gained unauthorized access to a web-accessible Human-Machine...

Keeping up with vulnerabilities is like playing a never-ending game of whack-a-mole. One day, we were knee-deep in XSS payloads and buffer overflows; the next, developers everywhere were plugging SQL...

This is the second blog in a 2 part series that will walk you through the entire process of building your first custom practical lab. You’ll learn how to do everything from launching and configuring ...

This is the first blog in a 2 part series that will walk you through the entire process of building your first custom practical lab. You’ll learn how to do everything from launching and configuring a...

Time’s Up! Congratulations to everyone who completed Lab 4: Linux from the Human Connection Challenge: Season 1. In this walkthrough, I'll share some strategies for efficiently completing the lab b...

Neurodiversity advocate and my own personal hero, Chris Packham, recently made a series for the BBC titled Inside Our Minds. It focused on giving a voice to neurodivergent individuals by creating sho...

We're in an age of rapid digitization. Different industries are embracing technologies like artificial intelligence (AI) and cloud solutions, driven by the ambition to shift from analog to digital. ...

Another vulnerability patched was released during Microsoft's June 2025 patch Tuesday review! An important elevation of privilege vulnerability was listed, and if exploited successfully, attackers ca...

In a world of ever-evolving tactics, techniques, procedures (TTPs) and relentless adversaries, it’s no longer enough for defenders to simply monitor, detect, and respond. You can’t wait for next-gen ...

Yesterday, in Microsoft's Patch Tuesday, there was a zero-day vulnerability that was patched and has been exploited in the wild! This zero-day was used by the cyber-espionage group Stealth Falcon and...

What is CVE-2025-31161? CrushFTP is widely used by businesses to transfer files securely. CVE-2025-31161 is a critical flaw that impacts CrushFTP versions 10 (up to 10.8.3) and 11 (up to 11.3.0).  ...

Here at Immersive, we're constantly striving to push the boundaries of cyber education and make our simulations as realistic and impactful as possible. We believe that truly effective learning happen...

The importance of continuous evidence When audits or investigations happen, it’s not enough to say you’ve got things under control – you need to prove it. That means having solid evidence of your s...

Welcome back for the final instalment of our series on Cyber Drills! In Parts 1 and 2: Level Up Your Resilience: Unlocking the Power of Cyber Drills with Immersive Level Up Your Resilience: Pla...

Welcome back, Immersive Community! In Part 1 of this blog series, we laid the groundwork for understanding the critical role of Cyber Drills in building true organizational cyber resilience, highli...

Two days ago, Akamai released a technical research blog post detailing a privilege escalation vulnerability in Windows Server 2025. This vulnerability abuses delegated Managed Service Accounts (dMSAs...