OnSecurity's Latest Articles, News and Industry Tips
Security should be important to everyone. Our blog features articles regarding your business’ security and different aspects to consider.
Dive deeper into Spear Phishing, a sophisticated cyber attack targeting specific individuals to gain unauthorized
The continued impact of the pandemic has made working from home the new normal, rapidly
Craig has delved into his research on CVE-2019-11510, uncovering over 736 vulnerable hosts and sharing
Recruitment companies are a prime target for hackers. We go over the main aspects that
In this blog we uncover a huge data spill for Wishbone, revealing massive amounts of
Uncovering what went wrong with TravelEx. Investigating ransomware designed to take over the network and
CVE hunting within open-source applications – invaluable insights for identifying vulnerabilities, ensuring robust security in
7 effective strategies to improve your company’s security. Discover actionable steps to fortify your defences
Safeguard your inbox against cyber threats. Explore our expert insights on spotting and avoiding phishing
Phishing, a cyber-crime that targets victims through email, has become the most common form of
Launched in 2015, Wishbone is a social networking app that encourages users to have their
Uncover the mechanics of ransomware and prevention strategies to safeguard your network against cybercriminal tactics
Explore the financial implications of data breaches, a frequent occurrence in today’s digital world. Learn
What happened in 2014 when Sony became the victim of an attack? Explore how Wiper
Recently I was tasked to conduct an external infrastructure penetration test against a select few
A practical guide to implementing Secure by Design in UK government product delivery. Covers risk-driven design, lifecycle security activities, compliance with the PSTI Act, and how regular penetration testing keeps your security posture continuously validated.
Learn GDPR essentials: data protection principles, subject rights, breach management, and compliance tools to safeguard personal data effectively.
Learn how to secure SaaS applications with expert strategies for data protection, access control, compliance, and threat detection.
Learn what ISO 42001 is, why it matters, and how businesses can implement AI governance, manage risk, and align with EU AI Act compliance requirements.
Protect patient data in healthcare with essential security measures, pentesting insights, and UK data protection guidance.
Technical debt increases breach risk, slows response, and drives up costs. Learn why security debt matters and how to manage it.
Discover how 2-step authentication secures business data from breaches. Compare MFA methods to strengthen your security.
Discover what an ISMS is and how it enhances your organisation’s information security. Read our clear guide to implement effective management systems.
Tom Keyte reflects on five years at OnSecurity- from infrastructure wins to security lessons, and how his role evolved beyond just writing code.
The EU AI Act sets strict rules for AI providers and users. Learn who it applies to, key risk categories, compliance steps, and what businesses must do to prepare.
OnSecurity secures award highlighting the breakthrough year of growth, innovation and AI-augmented cybersecurity
Discover the top emerging AI security risks in 2026, including AI-driven phishing, autonomous agents, model attacks, shadow AI, and governance gaps.
Build a proactive cybersecurity culture. Learn how CISOs can drive lasting behavioural change, boost awareness, and reduce cyber risks
Turn penetration test results into action. Follow this step-by-step remediation checklist to fix vulnerabilities and boost security.
Learn 9 key cybersecurity metrics boards care about to prove ROI, reduce risk, and align security with business goals.
A simple bug in the ‘forgotten password’ and password reset mechanism led to a malicious takeover of an entire target application. Find out how this was fixed and secured.
Explore Docker’s security aspects: Understand how taking precautions is crucial to avoid vulnerabilities in this widely-used containerization platform.
Explore our technique of using Server Side Request Forgery (SSRF) to successfully retrieve EC2 credentials, demonstrating advanced cybersecurity tactics.
Unveiling the risks of exposing cloud acces keys – particularly in reference to AWS (amazon web services) keys. This article shares a real example from a recent pen test conducted by our expert testers.
Here Tristan demonstrates how to reset any user’s password by altering the password reset functionality, revealing a crucial cybersecurity vulnerability responsible for password reset bugs and consequential exploits.
Discover how one of our pentesters found that client-side security controls hadn’t been enabled in our customer’s target application, allowing them to access features reserved for paying customers, as well as how we fixed it.
Penetration testing is a mostly manual process carried out by experienced consultants, using some of the same methods and tools a real hacker would. You decide on the scope of your test with your consultant, set your target, and your tester will get to work attempting to breach it. This blog will explore the importance of pentesting for businesses and how to begin.
Welcome to our Pentest Files blog series. Each blog post will present an interesting or dangerous finding one of our
Because so much of life is carried out online these days, it’s essential that you take all the necessary steps
Vulnerability scans look for known vulnerabilities in your systems, while penetration tests systemically exploit weaknesses in the architecture. Which is best for your organisation?
Effortlessly obtain a penetration testing quote online without sales calls. Experience a streamlined, hassle-free process for your cybersecurity needs.
Join Gus, explore advanced techniques for detecting and exploiting SQL Injection vulnerabilities in PostgreSQL-based web applications, ensuring robust security.
Explore the future of pentest reports as we unveil the next-generation approach. Discover what’s on the horizon for cybersecurity assessments and reporting.
This post revolves around general analysis, exploitation and discovery of SQL Injection vulnerabilities in app using the Postgres DMBS. We
Maximise your pentest impact with OnSecurity’s guide on leveraging reports to enhance your security posture and confidently and quickly share results
Build a secure software development cycle: integrate pentesting & shift security left. Guide for security leaders & developers.
Smishing, a form of cyber-attack that uses SMS messages to deceive victims, is on the rise. By exploiting human trust,
Exploring Cloud Security: Risks, Regulations & Remedies. Learn from incidents & strategies for robust cloud protection in an evolving digital landscape.
Discover how to mitigate financial risks from subdomain takeovers. Learn strategies to safeguard against reputational damage and data breaches.
Explore SSDLC stages: From planning to deployment. Learn how to secure web apps effectively with OnSecurity’s solutions.
How would we define Cybercrime? What do you imagine when you think of a cybercriminal? Do you envision an erratic,
The risks of typosquatting and its implications for online security. Explore cybercriminal tactics, real-world cases, and protective measures for your brand.
Radar by OnSecurity: an advanced tool for threat intelligence. Learn its role in enhancing security, achieving ISO certifications, and prioritizing threats.
The best practices with OnSecurity’s cyber security checklist 2023. Identify crucial steps to protect data and systems from unauthorised access and threats.
Learn how external vulnerability scanning can support your organisation in achieving operational resilience in this blog.
Delve into an effective external vulnerability scanning strategy and adopt best practices. This guide offers a very comprehensive understanding of the role they play.
New report reveals increasing cyber threats to drilling rigs, potentially leading to severe safety incidents. Understand the emerging vulnerabilities.
Here we delve into the evolution of ransomware with OnSecurity’s article on Triple Extortion ransomware tactics that threaten not just data, but a companies reputation
New research shows the prevalence of email phishing as the top cyber threat, tricking firms into revealing information through reputable sender disguises.
CVE-2021-44228: A new high profile zero-day vulnerability affecting large number of Java applications through a vulnerable version of the widely-used library Apache log4j.
Ready to experience the future of pentesting?
Discover how combining expert insight with automation leads to faster, more precise, and high-impact penetration testing.