Phishing – One of the Biggest Cyber Threats
New research shows the prevalence of email phishing as the top cyber threat, tricking firms into revealing information through reputable sender disguises.
Penetration Testing for Universities: A Critical Cyber Security Solution
University networks are complex, open, and high-value. See how penetration testing for universities finds the gaps your internal team can’t see.
Session Management Vulnerabilities: What Developers Get Wrong and How to Fix Them
Session management flaws are almost always developer errors. Learn how attackers exploit them, and the exact controls needed to fix them.
Why Cyber Security in Education Is More Complex Than Most Organisations Realise
From ransomware to data exfiltration, UK universities face growing cyber threats. Learn how to build resilience and protect sensitive data.
Pentest Files: How A Single HTTP Header Unlocked Every Customer’s Data
A single HTTP header. Fully client-controlled. Trusted completely by the server. In this Pentest Files, Daniel shows how modifying one value in a routine API request was enough to pull user data from every organisation on a multi-tenant SaaS platform, no special privileges required, no complex exploit chain, just a for loop and an integer.
Pentest Files: Account Takeover Via Password Reset Token Disclosure
A critical flaw in a password reset API handed attackers a full account takeover in just two requests. See how our tester found it, how it works, and how to fix it.
How to Build Risk Assessments for Cyber Security: A Practical Outline
Complete guide to cybersecurity risk assessments: identify vulnerabilities, analyse threats, implement controls, and maintain compliance with regulatory standards
Agentic AI Security Risks: What Businesses Need to Know
Explore agentic AI security risks, including memory poisoning, NHI sprawl, and tool misuse, and how businesses can safeguard autonomous AI systems
Web Application Pentesting vs Network Pentesting: What’s the Difference?
Discover the key differences between web application pentesting vs network pentesting, when you need each type, and why both are essential for comprehensive security.
Secure by Design in Practice: A Guide for UK Government Product and Delivery Teams
A practical guide to implementing Secure by Design in UK government product delivery. Covers risk-driven design, lifecycle security activities, compliance with the PSTI Act, and how regular penetration testing keeps your security posture continuously validated.