On December 29, 2025, the US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-14847 to its Known Exploited Vulnerabilities (KEV) catalog, and only a few days later, the MangoBleed Sherlock was released.

In HTB’s newest CVE Sherlock, you’ll be tasked with handling a high‑priority incident involving a suspected compromised server hosted on mongodbsync, a secondary MongoDB server.

After receiving root-level access to facilitate your investigation, you’ll perform a rapid triage analysis of the collected artifacts to determine whether the system has been compromised, identify any attacker activity (initial access, persistence, privilege escalation, lateral movement, or data access/exfiltration), and summarize your findings with an initial incident assessment and recommended next steps.

The “In Progress” tab in HTB Labs now gives users a more accurate view of what is actively being worked on by showing progress the moment a user starts engaging with content rather than only showing progress after milestones have been achieved.

New exclusive content has been released on Dedicated Labs which features a vulnerable web application as well as data and triage acquisition from Windows Endpoints.

This Sherlock provides players with an opportunity to use KAPE for Forensic Triage acquisition from Windows systems. Players also get to explore the structure of KAPE images, utilizing different types of targeted acquisition.

An Easy Linux machine featuring a web application vulnerable to an SQL injection flaw in the Django framework (CVE-2025-64459).

The module provides a deep technical analysis of WMI tradecraft from both attacker and defender perspectives. While completing the module, you will learn how WMI is abused for execution, lateral movement, persistence, and stealthy backdoor deployment, as well as how to detect, hunt, and investigate malicious WMI activity using logs, ETW, and low-level artifacts.

Key learning outcomes:

HTB Academy’s defensive portfolio just got deeper, sharper, and more job-aligned with the addition of nine LetsDefend courses.

These new modules strengthen critical defensive capabilities across the workflows defenders rely on every day, including PKI, malware analysis, threat frameworks, network traffic analysis, DFIR, and threat hunting across SIEM, DNS, and IPS/IDS environments.

Courses included in this release are:

HTB Account has now been fully integrated into the LetsDefend platform.

What this means for Community Platform users:

For a short transition period, there will be two sign-in options:

We’ve added a brand-new Quantum challenge category which includes five hands-on challenges exploring the impact of quantum computing on cryptography and security.

Designed for intermediate to advanced security professionals who want to get hands-on with quantum circuits, cryptographic attacks, and emerging quantum threats, users will learn:

The CTF Post-Event Workshop is now live for HTB CTF Platform users.

The Post-Event Workshop enables you to create a non-competitive clone of an original CTF, allowing participants to revisit and solve challenges in a more relaxed, training-focused environment after the main event has ended.

We’ve implemented an infrastructure upgrade to improve the performance, stability, and long-term scalability of Cloud Labs by re-deploying the service on a more modern and efficient backend.

The AI Red Teamer Job Role Path, built in collaboration with Google, is now fully complete!

This path equips cybersecurity professionals with the cutting-edge skills needed to assess, exploit, and secure today’s AI-powered systems. With 12 hands-on modules aligned to Google’s Secure AI Framework (SAIF), you’ll explore everything from prompt injection and model privacy attacks to adversarial AI techniques, supply chain risks, and deployment-level threats.

As you move through the path, you’ll work through real-world AI security scenarios, learning how to influence model behavior, craft AI-specific red teaming strategies, and execute offensive security testing against AI-driven applications.