RaptX

RaptX is taking a step back from CTFs due to the rapid advancements of AI and how they are changing the competitive security landscape. Moving forward, we will be transitioning into a more in-depth Security Research team focused on both Offensive and Defensive Security. Our goal is to build, research, document, and contribute in ways that create real impact beyond competition. Excited for this next chapter for RaptX. 🚀

Proud to share that RaptX took 2nd place at LA CTF. We went up against some seriously strong teams, and it was a great mix of pressure, learning, and fun. Big thanks to the ACM Cyber @ UCLA organizers/creators for putting together a well-designed event that really tests both technical depth and teamwork. This finish reflects the effort and consistency the whole RaptX team has been putting in. Already looking forward to the next one. #CyberSecurity #CTF #LACTF #CaptureTheFlag #RaptX #CTFtime #InfoSec #CTFCommunity

We found 2 more 😁 CVE-2026-25635 - https://lnkd.in/dFkNFPvi CVE-2026-25636 - (w/ Joshua Gallas) https://lnkd.in/dP5FfGts RaptX had a total of 3 CVEs credited this week, with the 3rd one being: CVE-2026-25731 - Azmi Alsarayrah #RaptX #Cybersecurity #SecurityResearch #InfoSec #CVE

We found 2 more 😁 CVE-2026-25635 - https://lnkd.in/dFkNFPvi CVE-2026-25636 - (w/ Joshua Gallas) https://lnkd.in/dP5FfGts RaptX had a total of 3 CVEs credited this week, with the 3rd one being: CVE-2026-25731 - Azmi Alsarayrah #RaptX #Cybersecurity #SecurityResearch #InfoSec #CVE

🚀 CVE-2026-25130 - 9.7/10 Found by me and Kiril Rusev Rather simple, but critical impact. https://lnkd.in/dn5K_5jm #RaptX #Cybersecurity #SecurityResearch #InfoSec #AI #CVE

🚨 It’s about that time of the year again. RaptX is opening spots for people serious about security research and competitive CTFs. If you’re interested in joining or want to understand how we operate, start here: https://lnkd.in/dpi9PAXB #CyberSecurity #CTF #HackTheBox #RedTeam #SecurityResearch #CaptureTheFlag

Proud to share that RaptX secured a Top 5 finish in the 0xL4ugh CTF, earning a total of 5,775 points in a highly competitive cybersecurity challenge. This result reflects the dedication, technical skill, and strong teamwork of every RaptX member. Each challenge solved, every late-night debugging session, and all the persistence under pressure played a role in reaching this milestone. A sincere thank you to the 0xL4ugh CTF organizers and sponsors for hosting a well-designed competition that continues to push and develop real-world cybersecurity skills. We’re proud of this achievement and excited for what’s next. #CyberSecurity #CTF #CaptureTheFlag #0xL4ugh #RaptX #CTFtime #CTFCommunity

I just published a new article on the basics of V8 exploitation. It took a lot of time and effort, hopefully it will be as helpful to others as were the resources and articles I myself used to get started on it. Shoutout to all the proofreaders who gave priceless advice on how to improve the article.

SECURITY SNAPSHOT: Ni8mare (CVE-2026-21858) What’s Going On? Introduction: A maximum-severity vulnerability was discovered in the n8n workflow automation platform that allows unauthenticated attackers to gain complete control over self-hosted instances. Severity: Critical (CVSS 10.0). CVE: CVE-2026-21858. Technical Details: The flaw is rooted in a "Content-Type confusion" bug within n8n's webhook request handling. Attackers can bypass standard parsing by sending crafted JSON requests to Form Webhook nodes, allowing them to override internal file pointers and read arbitrary local files (e.g., database and configuration files). By extracting the local encryption secret and user database, attackers can forge admin session cookies to bypass authentication and achieve Remote Code Execution (RCE) by creating malicious workflows. Affected Systems Software: Self-hosted and locally deployed n8n instances. Versions: All versions prior to and including 1.65.0; specifically, versions 1.65.0 through 1.120.4 are confirmed vulnerable to the unauthenticated path. Managed Services: n8n Cloud instances have been automatically patched and are considered secure. How to Stay Safe Patching: Immediately upgrade self-hosted instances to version 1.121.0 or later. Mitigation: Restrict or disable all publicly accessible webhook and form endpoints until patching is complete. Enforce mandatory authentication for all created Forms. Place n8n instances behind a VPN or firewall to prevent direct internet exposure. Post-Compromise: If exposure is suspected, rotate all API credentials, OAuth tokens, and encryption secrets stored within the instance. Further Reading: Security Advisory: https://lnkd.in/eE97jQkE News Article: https://lnkd.in/dPwwUfK4 Technical Blog / PoC: Cyera Research: https://lnkd.in/e2FWv9fR Bonus: https://lnkd.in/gKUsn5f3

Proud to share that RaptX has officially ranked 72nd worldwide on CTFtime for the 2025 season! A huge milestone for our team in our first full year of competitive Capture The Flag (CTF) cybersecurity events. This wouldn’t have been possible without the incredible dedication, skill, and teamwork of every RaptX member. Each challenge, every sleepless night, and all the relentless debugging brought us closer to this achievement. A heartfelt thank you to all the event organizers and sponsors who made these competitions possible, your support fuels the next generation of cybersecurity professionals. We're just getting started. The goal for next year: even higher. 🔗 Check out our journey and stats here: https://lnkd.in/gZ7UhpM7 #CTF #CyberSecurity #CTFtime #RaptX #CaptureTheFlag #InfoSec #Teamwork #CTFCommunity #HackingForGood