New exclusive content has been released on Dedicated Labs featuring AI supply chain exploitation, malware analysis, identity governance abuse, and a new Satellite Challenges category.

Augment is a medium-difficulty Linux machine centered around emerging AI application vulnerabilities, including RAG abuse and ML supply chain attacks. Exploit a poisoned vector database to achieve RCE through unsafe markdown processing before abusing a malicious GGUF model validator to escalate privileges and gain full root access.

IncipientBreeze-2 continues the Medusa rootkit investigation series and challenges players to deepen their malware analysis and threat hunting capabilities. Using Elastic SIEM and forensic investigation techniques, you will analyze the Medusa rootkit’s behavior, persistence mechanisms, and operational footprint while building on concepts introduced in the first Sherlock of the series.

Ghost Claims explores weaknesses in identity governance and access management within an enterprise approval platform. Players must move beyond the limited public-facing portal to uncover hidden operator functionality, bypass restrictions, and access sensitive administrative capabilities.

A brand-new Challenge category has landed on HTB, blending cybersecurity with aerospace engineering. These challenges place you in realistic satellite incident response scenarios where precise calculations and problem-solving are critical to restoring mission operations and preventing catastrophic failures.

Threat Range Event Management is now available, introducing a self-service workflow for creating, hosting, and managing defensive cybersecurity simulations directly on the HTB platform.

This enables you to deploy on-demand SOC and DFIR simulations using the same streamlined workflow as standard CTF events.

Now you can:

We have introduced XP and Activity Streaks directly to the HTB Profile. This update allows you to highlight your continuous learning and hands-on skills to the community and potential employers.

Hack The Box (HTB) Academy and Enterprise users undertaking certificate exams can now select Australian VPN servers for their connection. This infrastructure update reduces latency and provides a significantly smoother exam-taking experience for users based in the APAC region, across both individual and enterprise plans.

This new module delivers an in-depth, defense-focused study of Windows credential access. It explains how adversaries steal credentials via dumping and abuse of sensitive stores, then breaks down authentication flows, cryptographic protections, and both live-memory and offline extraction to understand tool behavior and build robust detection rules. It also covers DPAPI, Windows Credential Manager, browser credential stores, including App-Bound encryption, and Credential Guard bypass techniques with their detection opportunities.

You can now connect to HTB using a US-based Pwnbox directly from the location drop-down in Windows Pwnbox, improving connectivity and reducing latency for users in the United States.

This update on Windows Pnwbox, which comes with Windows-centric tooling to investigation-driven workflows, delivers a smoother, more responsive experience by allowing you to connect to infrastructure closer to your region.

We have added two new preparation tracks to Hack The Box (HTB) Labs to help users prepare for our web security certifications.

The HTB Certified Web Exploitation Specialist (HTB CWES) preparation track builds a foundation in identifying and exploiting common web vulnerabilities. For those looking for a deeper dive, the HTB Certified Web Exploitation Expert (HTB CWEE) preparation track focuses on advanced techniques and chaining vulnerabilities in complex, real-world scenarios.

Both tracks consist of hands-on challenges designed to bridge the gap between theory and exam performance.

Your HTB Profile now includes an automated Badges showcase that highlights your achievements across HTB Labs and Academy. Clicking any badge reveals the full artwork, completion criteria, and global rarity statistics. This update helps you track your total progress and provides a public-facing snapshot of your milestones.

We updated HTB Jobs to give you more transparency during your job hunt. You can now see critical details on every listing to help you decide if a role is the right fit before you apply.

The new updates include:

👉 Start applying on HTB Jobs here.

We have successfully rolled out HTB XP, a cumulative points system that tracks lifetime growth across the entire HTB Labs and Academy platforms.

XP is now awarded for Machines, Challenges, Academy Modules and Paths. This score is non-deductible and reflects your lifetime activity. More content integration is coming soon.

Completing Active Labs now grants an automatic 1.3x XP bonus.

Climb through 7 new ranks and 3 sub-grades, and more than 100 levels for more frequent rewards, all the way to Grandmaster.

A streak advances when 200 XP is earned within a calendar week (Monday 00:00:00 UTC to Sunday 23:59:59 UTC).

Labs VIP/VIP+ (Monthly and Annual) and Academy Annual subscribers now automatically receive Streak Savers every month (Max 3 held at once).