OnSecurity's Latest Articles, News and Industry Tips
Security should be important to everyone. Our blog features articles regarding your business’ security and different aspects to consider.
Because so much of life is carried out online these days, it’s essential that you take all the necessary steps
Protecting the data, valuables and account information related to your business has become even more vital as our workplaces have
Uncover the latest threat looming over government servers. The newfound vulnerability impacts Microsoft systems, leaving government infrastructures at risk.
Do you suspect a phishing attempt? Explore this guide for actionable steps on what to do next. Get assistance in
Vulnerability scans look for known vulnerabilities in your systems, while Penetration tests intend to exploit weaknesses in the architecture. How
We love using Clubhouse to helps us develop our security projects
Learn proactive cyber threat prevention through threat modeling. Discover how to anticipate and mitigate security incidents before they occur with
Dive deeper into Spear Phishing, a sophisticated cyber attack targeting specific individuals to gain unauthorized access to confidential data and
The continued impact of the pandemic has made working from home the new normal, rapidly accelerating digital transformation in companies
Craig has delved into his research on CVE-2019-11510, uncovering over 736 vulnerable hosts and sharing insights on this critical cybersecurity
Recruitment companies are a prime target for hackers. We go over the main aspects that recruitment companies should be careful
In this blog we uncover a huge data spill for Wishbone, revealing massive amounts of user data available for malicious
Uncovering what went wrong with TravelEx. Investigating ransomware designed to take over the network and block access to file networks.
CVE hunting within open-source applications – invaluable insights for identifying vulnerabilities, ensuring robust security in open-source software.
7 effective strategies to improve your company’s security. Discover actionable steps to fortify your defences against cyber threats and safeguard
Discover how AI is transforming cybersecurity. Explore how hackers exploit AI, how defenders fight back, and who holds the upper hand in today’s AI cybersecurity battle
Explore the current cybersecurity AI arms race between hackers and defenders: how it’s being used, who has the edge, and what it means for the future.
Telecommunications providers are prime targets for nation-state actors and advanced persistent threats (APTs) due to their central role in national
Discover how generative AI is transforming cybersecurity for attackers and defenders. Learn the real risks, practical defensive applications, and future trends in AI-powered security.
Explore the rise of AI-generated code in vibe coding, its cybersecurity risks, and how to secure fast, intuitive development without sacrificing safety.
Explore the rise of AI-generated code in vibe coding, its cybersecurity risks, and how to secure fast, intuitive development without sacrificing safety.
Enforceable by January 2025, the EU’s Digital Operational Resilience Act (DORA) introduces a landmark EU regulation framework, designed to help
2024 has been a transformative year for the OnSecurity team, marked by progress and significant milestones. To celebrate the company’s
In the blink of an eye, artificial intelligence and emerging technology are shattering the old rules of cybersecurity, rendering traditional
ISO 27001 and SOC 2, Type 2 are two of the most prominent regulatory frameworks in the cybersecurity industry. While
Many retailers face rising cyber threats. Discover key challenges and practical solutions to protect systems, data, and customer trust.
Discover what the Digital Operational Resilience Act (DORA) means for cybersecurity in the financial sector. Learn the compliance requirements, and how to prepare with penetration testing.
With the rise of remote and flexible work policies, many employees have adopted cafes, libraries, and other public spaces as
Conor O’Neill is not your typical CEO. In 2023 he completed an Ironman marathon. He practises archery in his spare
For National Coding Week, we reached out to some of our software developers at OnSecurity to hear their perspective on
Penetration testing is a crucial investment in your organisation’s cybersecurity, but understanding the associated costs can be challenging. While there’s
Maximise your pentest impact with OnSecurity’s guide on leveraging reports to enhance your security posture and confidently and quickly share results
What is Penetration Testing? Penetration Testing, otherwise known as “pentesting” or ethical hacking, is the beating heart of all good
Explore OnSecurity’s services and products for enhancing your organization’s security posture. Understand the importance of SOC 2 compliance requirements.
Discover now how our tester skillfully exploited multiple SQL injection vulnerabilities to extract valuable data from an application’s backend databases.
Cloud-native security systems are transforming the way businesses protect their digital assets. Built for the cloud, these systems offer dynamic and scalable solutions to defend against evolving threats. In this blog, we’ll explore what cloud-native security systems are and why they’re essential for modern businesses.
Highlighting a critical cybersecurity issue: Unauthorised access is inevitable wherever default credentials are used, underscoring the need for caution.
Discover the purpose of PCI DSS: securing card payments. OnSecurity offers PCI segmentation pentesting for businesses, ensuring a secure payment environment.
A simple bug in the ‘forgotten password’ and password reset mechanism led to a malicious takeover of an entire target application. Find out how this was fixed and secured.
Explore Docker’s security aspects: Understand how taking precautions is crucial to avoid vulnerabilities in this widely-used containerization platform.
Explore our technique of using Server Side Request Forgery (SSRF) to successfully retrieve EC2 credentials, demonstrating advanced cybersecurity tactics.
Unveiling the risks of exposing cloud acces keys – particularly in reference to AWS (amazon web services) keys. This article shares a real example from a recent pen test conducted by our expert testers.
Here Tristan demonstrates how to reset any user’s password by altering the password reset functionality, revealing a crucial cybersecurity vulnerability responsible for password reset bugs and consequential exploits.
Discover how one of our pentesters found that client-side security controls hadn’t been enabled in our customer’s target application, allowing them to access features reserved for paying customers, as well as how we fixed it.
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
Learn about spoofing in cyber security, how it works, common types, and how businesses can detect and protect against this growing cyber threat.
Learn how OnSecurity evolved from the vision of a few founders to an industry-leading pentest provider, as shared by one of its founding members.
Learn how iOS penetration testing uncovers vulnerabilities in your mobile apps, ensuring robust security and protecting user data on Apple devices.
What are the differences between ISO 27001 and SOC 2, Type 2? How can I choose the right cybersecurity framework for my organisation?
Ensure your Open Banking APIs meet regulatory standards with robust security testing. Learn key methods, risks, and compliance best practices.
Discover the risks of using unsecured WiFi and learn effective strategies to protect your data. Read more to safeguard your online security today.
Discover the top 10 fintech app security vulnerabilities found in 2025, plus practical fixes to help your team improve security and reduce cyber risk.
Many retailers face rising cyber threats. Discover key challenges and practical solutions to protect systems, data, and customer trust.
Find out why you need to protect your business against zero-click malware. Discover the best ways to defend your business against attacks.
Learn what MFA fatigue is, why it poses a security risk, and discover practical steps businesses can take to prevent and mitigate it effectively.
Learn how to build effective cybersecurity policies for your small business. Practical steps to protect data, ensure compliance & reduce risks.
Discover how enterprise businesses can tackle remote working cybersecurity risks with pentesting, clear policies, and training.
Discover 5 effective ways to protect your business from deepfake scams, including employee training, testing processes, and AI-generated content detection.
Learn about brute force attacks in cyber security, how they work, types, signs to watch for, and ways to protect systems from unauthorised access and potential data breaches.
Learn about brute force attacks in cyber security, how they work, types, signs to watch for, and ways to protect systems from unauthorised access and potential data breaches.
Ready to experience the future of pentesting?
Discover how combining expert insight with automation leads to faster, more precise, and high-impact penetration testing.