OnSecurity's Latest Articles, News and Industry Tips
Security should be important to everyone. Our blog features articles regarding your business’ security and different aspects to consider.
Discover the process and insights behind making Rapid7’s Project Sonar accessible and searchable. Explore the
Gain insight and learn responsible cURL usage and secure scripting practices in this essential OnSecurity
Explore the buffer overflow vulnerability in Easy Chat Server 3.1. Gain insights into this security
Defend against BlueKeep’s looming threats. Insights on securing systems from potential widespread attacks and common
Explore Kerberos abuse techniques on Linux with our comprehensive guide. Delve into the available tools
Learn the definition of spear phishing and the potential threats it poses to businesses in
What is social engineering? This blog will define what is meant by ‘social engineering’ in
This post revolves around general analysis, exploitation and discovery of SQL Injection vulnerabilities in app
Maximise your pentest impact with OnSecurity’s guide on leveraging reports to enhance your security posture
Join Gus on a deep dive into crafting Jinja2 SSTI payloads from scratch. Explore bypass
Understand the Power of Secure Code: Enhance Business Security with Proactive Code Audits. Discover vulnerabilities,
Roles in software engineering are becoming more popular with advances in technology and require a
Learn about spoofing in cyber security, how it works, common types, and how businesses can
Learn how OnSecurity evolved from the vision of a few founders to an industry-leading pentest
Learn how iOS penetration testing uncovers vulnerabilities in your mobile apps, ensuring robust security and
“Online US retail giant Amazon has used its cloud operations to do a deal with the GCHQ, MI5, and MI6, The Financial Times reports.
Google’s very impressive record: Zero successful phishing attacks on a massive workforce of 140,000+ employees. Discover their security success story.
Online US retail giant Amazon has used its cloud operations to do a deal with the GCHQ, MI5, and MI6, The
Catch Of The Week Did you know that Google has never been the victim of a successful phishing attack? Not bad for
Sony is a gigantic multipartite corporation that has been prone to multiple different types of hacks, find out why and how they improve their security posture
Explore the risks businesses face with internet-stored data and the prevalent distrust in online security, highlighting the need for robust protection.
Dive into the alarming rise of Ryuk ransomware since 2018, which has accumulated over $150 million, showcasing its global financial impact and danger.
A compilation of tricks and checks for when a file upload is encountered in an offensive security test.
Unravel the simplicity of gRPC with Project Crobat. Learn to streamline development with gRPC and empower your projects. Dive into our blog for insights!
Delve into the fascinating narrative of how a love letter altered the landscape of computer security perpetually. Uncover this tale of technological evolution.
One of the biggest growing problems in computer security is the growing proliferation of cyberattacks which are far more open and threatening in nature.
The myths surrounding cloud security hesitancy. Gain clarity on common misconceptions and make informed decisions about cloud-based security solutions.
Explore the methods targeting LinkedIn users through phishing scams and gain insights into the everyday tactics used by cybercriminals to exploit you further.
A computer hacker in the US was able to gain access to the water system of Oldsmar in Florida and successfully increased the amount of sodium hydroxide.
Uncover the latest threat looming over government servers. The newfound vulnerability impacts Microsoft systems, leaving government infrastructures at risk.
Discover the key differences between vulnerability assessment and penetration testing, and learn which approach is right for your security needs.
Discover what ISO 27001 entails and how it can enhance your information security. Read our comprehensive guide to strengthen your security framework.
Learn about LLM prompt injection attacks and exclusive tips and tricks on prompt injection defence in our latest expert blog.
LLM jailbreak guide: examples, attack types, and a practical testing checklist to identify vulnerabilities and boost model safety
Discover what AI red teaming is, why it’s essential for AI security, and how to start testing your systems for vulnerabilities before attackers do.
Discover how AI is transforming cybersecurity. Explore how hackers exploit AI, how defenders fight back, and who holds the upper hand in today’s AI cybersecurity battle
Discover essential LLM red teaming techniques to secure AI systems. Learn step-by-step frameworks, attack vectors & best practices.
Improve DevOps infrastructure security with post-pentest insights. Learn how to turn findings into action and protect your CI/CD pipeline effectively.
Explore the current cybersecurity AI arms race between hackers and defenders: how it’s being used, who has the edge, and what it means for the future.
Telecommunications providers are prime targets for nation-state actors and advanced persistent threats (APTs) due to their central role in national
Discover how generative AI is transforming cybersecurity for attackers and defenders. Learn the real risks, practical defensive applications, and future trends in AI-powered security.
Explore the rise of AI-generated code in vibe coding, its cybersecurity risks, and how to secure fast, intuitive development without sacrificing safety.
Sometimes referred to as ‘internal infrastructure tests’, or ‘internal network tests’, internal penetration tests are the backbone of any thorough
External penetration testing methodology: what is it and how does it work? External penetration testing is a crucial cybersecurity measure
Cybercriminals are no longer targeting just the big players. In fact, small businesses are firmly in their sights too. With
Ensure your Open Banking APIs meet regulatory standards with robust security testing. Learn key methods, risks, and compliance best practices.
Discover the risks of using unsecured WiFi and learn effective strategies to protect your data. Read more to safeguard your online security today.
Discover the top 10 fintech app security vulnerabilities found in 2025, plus practical fixes to help your team improve security and reduce cyber risk.
Many retailers face rising cyber threats. Discover key challenges and practical solutions to protect systems, data, and customer trust.
Find out why you need to protect your business against zero-click malware. Discover the best ways to defend your business against attacks.
Learn what MFA fatigue is, why it poses a security risk, and discover practical steps businesses can take to prevent and mitigate it effectively.
Learn how to build effective cybersecurity policies for your small business. Practical steps to protect data, ensure compliance & reduce risks.
Discover how enterprise businesses can tackle remote working cybersecurity risks with pentesting, clear policies, and training.
Discover 5 effective ways to protect your business from deepfake scams, including employee training, testing processes, and AI-generated content detection.
Learn about brute force attacks in cyber security, how they work, types, signs to watch for, and ways to protect systems from unauthorised access and potential data breaches.
Learn about brute force attacks in cyber security, how they work, types, signs to watch for, and ways to protect systems from unauthorised access and potential data breaches.
From doctor to pentester: Archana Singh’s inspiring journey into cybersecurity shows how passion and resilience can shape new careers.
Explore the journeys of women in cybersecurity at OnSecurity, with insights from Product Manager Beth Watts on navigating and thriving in tech.
Explore OnSecurity’s services and products for enhancing your organisation’s security posture. Understand the importance of SOC 2 compliance requirements.
Unravel the essentials of ISO 27001 certification in this blog. Explore critical insights and guidelines for a robust security management system.
Ready to experience the future of pentesting?
Discover how combining expert insight with automation leads to faster, more precise, and high-impact penetration testing.
