news & announcements
22 Topics

New CTI Lab: CVE-2025-55182 (React - Next.js)
On December 3, 2025, the cybersecurity world received news of a critical vulnerability in the React 19 ecosystem. This critical flaw, tracked as CVE-2025-55182 with a CVSS score of 10.0, affects React Server Components (RSC). A major issue, this flaw allows unauthenticated attackers to achieve Remote Code Execution (RCE) on vulnerable servers by sending a specially crafted HTTP request.

AI Hallucination

Within the first 24 hours of the vulnerability being announced, a POC was published to GitHub, which looked convincing and, when tested, appeared to achieve the goal successfully, resulting in Code Execution. It turned out that this POC, which was picked up and circulated by researchers and social media, was actually an AI Hallucination. The AI had crafted a deliberately misconfigured and vulnerable server and a POC that appeared to match the requirements of the exploit, but only actually triggered the misconfiguration.

What is this about?

CVE-2025-55182 is a critical Insecure Deserialization vulnerability. It affects React Server Components (RSC) within the React 19 ecosystem. The flaw is located in the server-side logic that handles the React Flight protocol, which is used for client-to-server interactions, specifically Server Functions or Server Actions. An unauthenticated attacker can send a specially crafted HTTP request containing a malicious, serialized payload. The vulnerable server-side code fails to validate this payload, allowing the attacker to achieve remote code execution on the server.

Why is this critical for you and your team?

This critical vulnerability has a CVSS score of 10, is fairly trivial to exploit, and has significant impacts when successfully exploited, given that its impact includes unauthenticated remote code execution. If your team uses React, React Server Components (RSC), or similar, you are at risk.
This flaw impacts the standard, default configurations of high-profile frameworks like the Next.js App Router, which many organizations rely on for building high-performance sites.

Who is the content for?

Security Analysts
Penetration Testers
Incident Responders
Vulnerability Management Teams

Here is a link to the lab: CVE-2025-55182 (React - Next.js)

89 Views 2 likes 1 Comment

It’s Not Magic, It’s Mechanics: Demystifying the OWASP Top 10 for AI
Welcome back to our series, “Behind the Scenes of Immersive One”! The following is a conversation with Sabrina Kayaci, Cybersecurity Engineer for Immersive One, and Rebecca Schimmoeller, Lead Product Marketing Manager. Today, we’re continuing the discussion on our Secure AI capability.

“When developers hear ‘AI Security,’ they either start to sweat or eye-roll. It either feels like a black box where the old rules don’t apply, or it feels like inflated marketing hype. The truth is, AI vulnerabilities aren't magic; they are mostly just new manifestations of the classic flaws we’ve been fighting for decades. Once you map the new threats to the old patterns, the mystique fades. You realize it’s not magic to fear or hype to ignore—it’s just an engineering problem to solve.”

Rebecca: Awesome frame, Sabrina. No matter where you sit on the spectrum—whether you’re anxious about the risks or skeptical of the buzz—AI security doesn't mean starting from zero. Developers should already have the muscle memory for this.

Sabrina: Exactly. We aren't asking them to learn a new language; we're asking them to apply their existing fluency to a new dialect. That’s the core philosophy behind our new OWASP Top 10 for LLMs and GenAI collection. We tackle the problem that AI is often treated as a "new and daunting" field. By framing threats like Supply Chain Vulnerabilities or Excessive Agency as variations of known issues, we accelerate the learning curve. We strip away the "AI mysticism" to reveal the underlying mechanical flaw.

Rebecca: I love "stripping away the mysticism." Let’s talk about how that works, starting with the big one everyone is concerned about—Prompt Injection. How do you take that from "scary AI jailbreak" to something a grounded engineer can fix?

Sabrina: In the media, Prompt Injection is portrayed as this sentient ghost in the machine. In our lab, we treat it as an Input Validation failure. We show that the system is simply confusing "user input" with "system instructions." When a developer sees it through that lens, the eye-roll stops. It’s no longer hype; it’s just mixed context. And they know how to fix mixed context. We show them how to apply that architectural fix to an LLM.

Rebecca: That maps perfectly. But looking at the curriculum, I see we go much deeper than just a standard "Top 10" checklist. Why was it important to go beyond the simple definitions?

Sabrina: Because a definition tells you what something is, but it doesn't tell you how it impacts you. In the new OWASP LLM collection, we focus on Core Mechanics and Attack Vectors. We deconstruct threats like Data and Model Poisoning or Supply Chain vulnerabilities to show you exactly how they infiltrate a system. It’s the difference between knowing what an engine looks like and knowing how to take it apart. You need to understand the mechanics of the vulnerability to understand the potential impact—otherwise, you're just guessing at the fix.

Rebecca: It sounds like we're upgrading their threat modeling software, not just their syntax.

Sabrina: Yes, 100%. Look at Excessive Agency. That sounds like a sci-fi plot about a robot takeover. But when you do the lab, you realize it’s just "Broken Access Control" on steroids. It’s about what happens when you give an automated component too much permission to act on your behalf. Once a developer maps "Excessive Agency" to "Least Privilege," they stop worrying about the robot and start locking down the permissions.

Rebecca: Is the goal to get them through all ten modules to earn a Badge?

Sabrina: The OWASP Top 10 for LLMs Badge is the end state. It proves you have moved past the "sweat or eye-roll" reactive phase. To your manager, it signals you have a proactive, structured understanding of the AI risk landscape and can speak the language of secure AI. There’s no hype in that. Only value-add to you and your team.

Final Thought

Our OWASP Top 10 for LLMs collection is the antidote to AI security angst. For the developer, it demystifies the threat landscape, proving that their existing security instincts are the key to solving new problems. For the organization, it ensures that your AI strategy is built on a bedrock of engineering reality, rather than a shaky foundation of fear.

[Access Collection]

14 Views 0 likes 0 Comments

Architecting at Speed: Mastering Secure Development with OpenAI Codex
Welcome back to our series, “Behind the Scenes of Immersive One”! The following is a conversation with Ben McCarthy, Lead Cybersecurity Engineer for Immersive One, and Rebecca Schimmoeller, Lead Product Marketing Manager. Today, we’re continuing the discussion on our Secure AI capability.

“There is a misconception that security is the enemy of development speed. But with AI, the opposite is true. If you don't have security engineered into your AI workflow, you can't actually go fast—because you’re constantly stopping to fix 'trash code' or patch vulnerabilities. The developers who win in this era aren't just the ones coding faster; they are the ones architecting systems that are secure by design, even at AI speeds.”

Rebecca: That’s a crucial distinction, Ben. We often hear that AI is a "firehose" of productivity, but without control, that firehose just creates a mess. It seems like the role of the developer is shifting from "writing lines" to managing this high-velocity output. How does the new Building with AI: Codex CLI collection help them make that shift?

Ben: By giving them the controls they need to harness that speed safely. If you let OpenAI’s Codex run without guardrails or understanding, you get velocity, sure—but you also get risk. We designed this collection to empower developers to become their own Security Architects for their workflows. We are leveraging the Azure AI Foundry capability to give learners real, secure access to these models. The goal isn't to teach you how to hit "Tab" to autocomplete; it's to teach you how to rigorously evaluate, guide, and constrain what the AI produces using the command line tool like Codex so you can ship code that is both fast and bulletproof.

Rebecca: So it’s about elevating the human’s role to "Architect." Let’s talk specifics given what the collection covers—how did you instill that mindset?

Ben: We start by ensuring developers know the power of what you can do with Codex. How to get the best out of your models in this CLI tool. We go over effective prompt engineering, tool usage, and how AI can help with "Greenfield" projects (net-new builds) and "Brownfield" projects (legacy codebases). This is a critical skill for a lead engineer. AI is great at generating new code (greenfield), but it can be dangerous when it doesn't understand the hidden dependencies of a ten-year-old application (brownfield). We teach engineers how to spot those context gaps, key stuff that the AI might miss.

Rebecca: I saw "specification-driven development" was a big part of your roadmap, too. How does that fit into the "speed" theme?

Ben: This is the ultimate accelerator. Instead of writing the code line-by-line, you write the "spec"—the blueprint—and let Codex handle the implementation details. It’s not about doing less work; it’s about doing higher-leverage work. You define the logic and security constraints, and the AI handles the boilerplate. It shifts the developer’s brain from "how do I type this function?" to "what should this system actually do?"

Rebecca: That sounds like a powerful approach, Ben. But what about the security risks? If developers are offloading implementation to Codex, how do they avoid leaking data or introducing bugs?

Ben: That’s non-negotiable. In the Guardrails lab, we show learners how to build a safety net. We teach practical methods for stripping PII (Personally Identifiable Information) and using hooks to sanitize inputs before they reach the model. It gives developers the confidence to use these tools freely, knowing they have already engineered the safety mechanisms to protect their org.

Rebecca: I saw a lab in the collection called "Tools and MCP" (Model Context Protocol). Is that where you get into advanced workflows?

Ben: Exactly. This is where we give developers the keys to become a force multiplier. We show users how to connect Codex to other tools. This is the ideal definition of ROI for developers. You’re automating the tedious "check your work" phase, allowing you to ship secure code faster without burning out on manual review.

Rebecca: It feels like that approach accepts today’s AI era realities for what they are and finds the strategic advantages… pushing developers towards productivity and security gains with real mastery. And just like the Claude collection, users have access to a Demonstrate Lab, to prove that mastery, am I right?

Ben: Absolutely. The Demonstrate Lab challenges users to build a solution that’s efficient, functional, and secure. It proves that you aren't just an "AI user"—you are an AI Engineer who understands the capabilities the collection covers.

Final Thought

Our Building with AI: Codex collection is about upgrading the developer’s toolkit. For the organization, it ensures AI adoption is secure and scalable. For the engineer, it removes the drudgery of boilerplate, freeing you to focus on the creative, architectural challenges that drive real value. Ready to upgrade your workflow?

[Access Collection]

19 Views 0 likes 0 Comments

New CTI Lab: Shai-Hulud 2.0: Analysis
In late November/early December 2025, a set of critical software supply chain intrusions took place when the highly dangerous Shai-Hulud 2.0 worm was used to steal GitHub, Cloud, and other credentials and secrets by gaining access to developer machines through the use of a malicious npm package installation.

What is this about?

By abusing the inherent trust in the npm ecosystem, Shai-Hulud guarantees execution during the crucial preinstall phase, effectively bypassing many traditional security scans that only review code after installation. Once running, the payload launches a concurrent, parallel attack across your environment: it hunts for local credentials, attempts to steal highly privileged temporary cloud tokens via the Instance Metadata Service (IMDS), and, most critically, can automatically inject itself into every other package the victim maintains on their machine.

Why is this critical for you and your team?

npm is massively popular, and many of the affected packages are widely used in software development and deployment. Shai-Hulud 2.0 is a devastating self-replicating worm that weaponizes your supply chain to steal highly privileged cloud credentials (IMDS) and establish a permanent C2 backdoor via GitHub Actions if the threat actor decides to set that up. Given the importance of npm packages to developers, it is essential that customers from any organisation, across all sectors, understand how this intrusion works to prevent their credentials and secrets from being stolen.

Who is the content for?

Security Analysts
Incident Responders
Software Developers/Secure Development teams
Cloud Engineers
Vulnerability Management Teams

Here is a link to the lab: Shai-Hulud 2.0: Analysis

19 Views 0 likes 0 Comments

Announcing the Winners of the 2025 Cyber Resilience Customer Awards!
What a year for cyber resilience! As we say goodbye to another Cybersecurity Awareness Month, we are thrilled to celebrate the organizations and individuals who have demonstrated exceptional dedication to proving and improving their cybersecurity posture, defending against emerging threats, and embedding a culture of resilience across their organizations using the Immersive One platform. Collectively, our customers have tackled countless labs and simulations, setting new benchmarks for capability and speed. After crunching the numbers and reviewing the nominations, we're ready to announce just some of the winners who truly excelled in 2025 across the following categories:

Emerging Threats Leader Award

The Emerging Threats Leader award recognizes organizations and individuals at the forefront of threat detection and threat hunting; proactively identifying risks and strengthening defenses using insights from our Cyber Threat Intelligence labs.

🏆 Emerging Threats Award Organization Winners include:
NHS England
T-Mobile
Arctic Wolf

🏆 Emerging Threats Award Individual Winners include:
Steven Glogger, Swisscom
Paul Blance, Specsavers
Taz Wake, Jones Lang LaSalle
Mark Cox, NationalGrid
Stephen Wilson, BT Group

Cyber Resilience Leader Award

This award acknowledges organizations that maximize the full use of the Immersive One platform to fully optimize end-to-end cyber readiness. True cyber resilience goes beyond simply preventing attacks; it encompasses the ability to prove, improve, benchmark and report your cyber resilience.

🏆 Cyber Resilience Leader Award Winners include:
Swisscom
NHS England
Arctic Wolf
Darktrace
BT Group

Secure Development Champions Award

This award celebrates organizations and individuals who champion security throughout the software development lifecycle. It recognizes a proactive approach to building secure applications, emphasizing practices like threat modeling, secure coding standards, and rigorous testing using the Immersive One platform to prepare and demonstrate secure coding practices.

🏆 Secure Development Champion Organization Award Winners include:
Citigroup
GfK
Swisscom

🏆 Secure Development Champion Individual Award Winners include:
Steffen Wacker, Arctic Wolf
Joao Santos, GfK
Omkar Joshi, GfK
Balaji Kannan, GfK
Naresh Sivakumar, GfK
Alexander Kolyshkin, EMCD

Exercising Excellence Award

The Exercising Excellence award recognizes organizations that have excelled in regularly using scenarios on the Immersive One platform to prove their cyber resilience. They have successfully run multiple crisis simulations to regularly exercise their teams and have high levels of participation and engagement.

🏆 Exercising Excellence Award Winners include:
Mastercard
Citigroup
Siemens Energy
NHS England

Immersive Trailblazer Award

This award recognizes individuals who simply love Immersive and have shown exceptional dedication to the platform. They have been amongst our top point scorers since January 1st 2025, completing thousands of labs and truly immersing themselves in the platform.

🏆 Immersive Trailblazer Award Winners include:
Mico Marcos, PepsiCo
QingKai Ma, Hubbel

Community Leader Award

Our final award, the Community Leader award, recognizes individual members of the Human Connection Community that have contributed to, and engaged with, both community content and their fellow community members. They have consistently shared tips and advice, engaged with popular threads and participated in community events and meetups, helping to bring the Human Connection community to life.

🏆 Community Leader Award Winners include:
netcat steven CyberSharpe autom8on MegMarCyberTrust Nneka_AN Dooley DG317Views4likes4Comments

No More Busy Work: How Programs Automate Personalized Cyber Readiness
Welcome back to our series, “Behind the Scenes of Immersive One”! The following is a conversation with Martin Hewitt, Principal Product Manager for Immersive One, and Rebecca Schimmoeller, Lead Product Marketing Manager.

“We’ve all seen the spreadsheet of doom. You assign a list of training labs to fifty people, and then you spend the next month chasing them down, manually checking completion statuses, and hoping the content you’ve assigned them is actually relevant—because if it’s not, your learners are just tuning out. It’s an operational nightmare, plain and simple.”

Rebecca: Wow, yeah, we hear this constantly from the market, Martin. Leaders are drowning in admin work while trying to build resilience. It feels like we’ve been handing learners a stack of maps and hoping they figure out the route. Meanwhile, busy learners assume the content isn’t worth their time, so disengage. How does the new Programs capability change that dynamic?

Martin: That map analogy is actually spot on. Until now, we’ve had Assignments and Collections—which are great, but they are static. Like you said, it’s handing someone a map. Programs is a fundamental shift … a GPS navigation system for learning. Instead of just handing a learner a stack of content and hoping for the best, a Program plots the optimal route based on their initial skill level. It re-routes them if necessary using logic, and it shows the manager if they fall behind schedule. We aren’t just looking at completion anymore; we are looking at flow.

Rebecca: I love the "GPS" concept. But let’s make this real for our customers. What does one of these "routes" actually look like? Can you give us a concrete example of a path a team might take?

Martin: Absolutely. Let’s look at the SOC Analyst Program. It doesn’t just start with a generic to-do list. It starts with an Adaptive Assessment. Based on those results, if the system sees a user is proficient and capable, it will route them into content that speaks to their level of knowledge and experience, rather than a one-size-fits-all (or, more often none) route. We see this for Cloud Security too. Engineers who know AWS inside-out don't need to waste time on S3 Buckets 101. The Program fast-tracks them to the advanced Cloud Defense scenarios. It’s about respecting their time.

Rebecca: That’s a perfect segue to the learner’s experience. We talk a lot about the manager’s benefit, but honestly, if I’m an analyst, why should I care? How does this make my day or professional life better?

Martin: If you’re a learner, the biggest benefit is that you stop doing "busy work." Nothing kills morale faster than being a senior engineer forced to click through beginner labs just to get a completion checkmark. With Programs, the system recognizes your skill level immediately. You get to skip the stuff you already know and focus on the challenges that actually help you grow. Plus, because it’s a cohesive journey, you always know why you are doing a task. You aren’t just completing a random lab; you are moving through a cyber-narrative—from detection to analysis to remediation. It feels less like homework and more like a mission.

Rebecca: So, we’re moving from "did you do it?" to "are you ready?" That sounds like it aligns perfectly with the CISO’s need to prove outcomes. But Martin, what about the manager’s visibility? You mentioned "flow" earlier—how is that different from just tracking who finished a lab?

Martin: Right now, if you want to know who is struggling, you usually have to wait until the deadline passes and see who didn't finish. By then, it’s too late. With Programs, we focus on Pace. We capture a time commitment expectation—say, two hours a week—and the system calculates a "Burndown Rate." We can tell you in real-time if a user is Ahead, On Track, or Behind. It’s about finding what I call the "Bread and Valley Joes"—the people who are struggling silently. We want to surface those users to the manager before they fail, as well as highlighting the super-keen folk who really love stretching and testing their skills, we’re showing them as Ahead, making sure they’re spotted and give them the opportunity for recognition.

Rebecca: That’s huge for "Management by Exception." You don't need to micromanage the high-performers, but you can quickly help those who are stuck.

Martin: Exactly. And we’ve built the intervention right into the platform. You can filter for everyone who is "Behind" or stuck on a specific step—like Cloud Fundamentals—and bulk-message them right there. No more downloading CSVs and running mail merges just to nudge your team.

Rebecca: Martin, this is a massive step forward. But knowing you and the engineering team, you’re already looking at what’s next. Can you give us a sneak peek at what’s coming for Programs?

Martin: Don’t mind if I do! Right now, we have these amazing "Stock Programs" ready to go. In the New Year, we’re also handing the keys to customers … we’re going to introduce a custom builder. Managers will be able to build a completely bespoke journey tailored to their specific organization, drawing from right across our whole catalog. Things like being able to create your own "onboarding flow" to mirror your exact tech stack and security policies…. That’s when things will get even more exciting.

Rebecca: I can't wait to see what customers build when that’s available, Martin. Thanks for walking us through the logic behind this milestone launch. This is major for customer outcomes.

Martin: It is. We’re finally moving learners from just "completing tasks" to building real muscle memory. That’s the stuff that benefits their org now, and that they can carry it with them to their next professional opportunity.

Final Thought

Programs represent a shift that benefits the entire security function. For the organization, it replaces static assignments with an operational engine that measures true readiness against critical threats. For the learner, it transforms training from a checklist into a career-building journey, ensuring they develop skills that last far beyond their current role.

Want to see how it works? Don’t miss this demo.

35 Views 0 likes 0 Comments

Bad News for Black Hats: Why Our New Dynamic Threat Range Is Bound to Ruin Their Day
Welcome back to our series, “Behind the Scenes of Immersive One”! The following is a conversation with Dave Spencer, Immersive Product Manager for Technical Exercising, and Rebecca Schimmoeller, Lead Product Marketing Manager.

“Getting your SOC team off their desks for a multi-day drill is tough. Then, having them practice on a generic SIEM when your entire team lives and breathes in Splunk? I mean, practice is supposed to make perfect … That set-up is … flawed.”

Rebecca: No kidding, Dave. It sounds like you heard from a lot of SOC Managers that their teams were running straight into what we call the ‘relevance gap.’ Can you break down what that actually means for hands-on analysts?

Dave: Think of that 'gap' as the frustrating space between theory and reality. It’s when you force an analyst to practice on a generic, made-up tool, but their actual job is 100% in Splunk. It’s running an exercise on a simple, flat network when your real corporate network is a complex, segmented beast.

Rebecca: So, the skills they're learning just don't transfer to the real world.

Dave: Exactly. It’s why a team can get a 100% pass rate on a training module and still be completely unprepared when a real incident hits. It’s not just wasted time; it’s a false sense of security.

Rebecca: So, how does our new Dynamic Threat Range capability solve that? How do we close that gap for good?

Dave: By blowing it up entirely. We built this from the ground up to be hyper-realistic. Dynamic Threat Range is the only capability on the market that lets teams run live-fire exercises in a high-fidelity replica of an enterprise environment, using licensed security tools. At launch this November, we’re talking native support for Splunk and Elastic. This isn't just replaying logs; it's an authentic, full-chain adversary attack, built by our elite C7 threat team, running on the exact tools teams use every single day.

Rebecca: Okay, so that’s a game-changer for the hands-on user and, no doubt, from managers too. They’re struggling to prove where their team is at in order to help them improve. How do we help them with this? You know, move beyond a pretty unhelpful "pass/fail"?

Dave: Right. That's actually a core pillar we’ve built against. With Dynamic Threat Range, customers move beyond arbitrary scores. Our design is all about objective proof of readiness. We're giving managers the hard data they need to prove their team’s capability and justify their security spend.

Rebecca: Oh … tell me more!

Dave: At launch, we’re measuring key metrics like Time to Detect, Time to Escalate, and Investigation Accuracy. It’s the only way to get verifiable, evidence-based data on performance.

“In a real attack, the platform doesn’t tell you if you’re right or wrong. So why should your exercise?”

Rebecca: Running full-chain attacks on a replica of a customer's environment sounds incredibly complex. I can just hear the IT and Ops teams groaning about setup, VPNs, and operational overhead.

Dave: (Laughs) Yeah, we heard that, too. And that’s why we made it 100% browser-based. No VPNs. No operational headaches. You get into the exercise and start learning in seconds. We also designed the exercises to be practical. Getting a SOC team offline for a multi-day drill is really hard. So, these default to 4 hours—intense, focused, and easy for a manager to schedule. You can extend it to 24 hours if you want to practice handovers between shifts, but the goal is zero friction.

Rebecca: I love that. So, as an analyst, what can I actually do in these 4-hour exercises at launch?

Dave: We’re launching with two critical exercise types. First is Digital Forensics and Incident Response (DFIR), where you join after the attack has happened and you have to use your Splunk or Elastic instance to piece together what went wrong. The second is Threat Hunting, which I love. You're in the environment as the attack itself is kicking off, and you have a detailed threat intelligence pack to work from, allowing you to proactively detect the threat before it causes real damage. It’s the difference between being a digital archaeologist and being the hunter on the ground.

Rebecca: So cool! This is already huge, Dave. Knowing you, though, the team is just getting started. What’s the long-term vision?

Dave: We're moving fast. We’re already working on Microsoft Sentinel support for Q1 2026. After that, we’re building out exercises for the entire security lifecycle—Containment, Recovery, Red Team, and Purple Team drills. The vision is to let you exercise every part of your security function and then benchmark your performance against your industry peers. That’s the real holy grail: knowing exactly where you stand.

Rebecca: Dave, this is incredible. The passion you and the team have for solving this real-world problem is clear. Thanks so much for geeking out with me today.

Dave: Any time. We're just excited to get it in people's hands.

Final Thought

The days of generic, classroom-style training are over. Dynamic Threat Range finally bridges the gap between practice and reality, allowing your teams to build muscle memory on the actual technology they are paid to protect. It moves your entire security function from ‘we think we’re ready’ to ‘we know we’re ready’—with the data to prove it.

Want to see how it works? Don’t miss this demo.

92 Views 1 like 0 Comments

New CTI Lab: Lazarus Cyberespionage Campaign: Analysis
In early November 2025, North Korean state-sponsored actor Lazarus was reported to have launched various attacks as part of a long-standing cyberespionage campaign linked to Operation DreamJob. Targets of the attacks include European organizations manufacturing unmanned aerial vehicles (UAV), aircraft component manufacturers, and a British industrial automation organization. Lazarus's, and by extension North Korea's, operational objective with these attacks is assessed with high confidence to be cyber espionage.

What is this about?

The attacks launched by Lazarus used a custom remote access trojan called ScoringMathTea RAT, which uses its own cipher system to obfuscate its code and conceal its functionality from analysts. The lab involves reverse engineering the malware and identifying indicators of compromise by breaking the cipher and using that to identify what the malware is doing.

Why is this critical for you and your team?

North Korean cybercriminals and state-sponsored actors are highly skilled, persistent, and aggressive in the pursuit of the North Korean regime's objectives, and one of those objectives is stealing information from targets that can affect national security. Understanding how North Korean cyber operators conduct attacks and understanding their tooling is essential for analysts to be better equipped to tackle these threats.

Who is the content for?

Malware Analysts and Reverse Engineers
SOC Analysts
Incident Responders
Threat Hunters
Tactical and Operational Cyber Threat Intelligence Analysts

Here is a link to the lab: Lazarus Cyberespionage Campaign: Analysis

53 Views 2 likes 1 Comment

Immersive Certifications: From incident responders to SOC analysts, we’ve got you covered!
Our career paths are crafted by Immersive experts and designed to give you hands-on, in-depth technical learning across a range of areas. When you complete a career path, we’ve always been proud to see people share their achievements and showcase their badges online. But you called for something more – and we heard you.

Now, when you complete one of our 39 Immersive Certified career paths, you’ll be able to download a certificate to demonstrate your achievement and showcase your skills. Our Immersive Certifications cover a range of areas, whatever your interests and expertise – from SOC analysts to incident responders, penetration testers to threat hunters, and Java developers to malware analysts. And a number of the Immersive Certified career paths range from beginner to advanced levels, so you can keep building your skills.

If you’ve already completed one of the Immersive Certified career paths, you’ll be able to download a certificate today. Simply head into the Achievements area of the platform (Upskill > Achievements) and select the relevant career path. If you haven’t completed a career path yet, check out the options in the Upskill > Career Paths area of the platform. You can find further information on Immersive Certifications and all of our Immersive Certified career paths in the FAQs page on the Helpdesk.

Immersive Certifications are a new feature. We’re keen to hear your feedback on how they can help develop your skills, share your achievements with others, and demonstrate your learning. Leave a comment below to let us know your thoughts!

111 Views 1 like 1 Comment

New CTI Labs: CVE-2017-1000353 Offensive and Defensive (October 2025 CISA KEV Additions)
In October 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalogue, one of which was a critical 2017 vulnerability affecting Jenkins versions 2.56 and earlier and 2.46 LTS and earlier. This vulnerability allowed attackers to gain remote code execution on vulnerable instances.

Why is this critical for you and your team?

Jenkins is a widely used application. Shodan reports confirm that there are thousands of instances running the vulnerable versions exposed to the internet. With this vulnerability being a critical remote code execution vulnerability, the impact is significant. Understanding how to investigate logs for this attack and understanding how to successfully achieve exploitation is important for any team. Even though it's a 2017 vulnerability, it's a very recent addition to CISA KEV, which illustrates just how significant it is, and that even today, attackers are using this vulnerability to gain footholds and compromise vulnerable victims.

Who is the lab for?

SOC Analysts
Incident Responders
Penetration Testers
Red Teamers
Threat Hunters

Here are the links to the labs:

Offensive: https://immersivelabs.online/v2/labs/cve-2017-1000353-jenkins-command-injection-offensive
Defensive: https://immersivelabs.online/v2/labs/cve-2017-1000353-jenkins-command-injection-defensive

63 Views 0 likes 0 Comments