OnSecurity's Latest Articles, News and Industry Tips
Security should be important to everyone. Our blog features articles regarding your business’ security and different aspects to consider.
Learn about brute force attacks in cyber security, how they work, types, signs to watch
Enhance your security posture with essential practices for effective pentest orchestration. Discover strategies that streamline
Ransomware can cripple businesses by locking critical data and demanding payment. Learn what ransomware is,
Protect your business from phishing scams with these 5 essential tips. Learn how to avoid
What are the differences between ISO 27001 and SOC 2, Type 2? How can I
Learn the key differences between penetration testing vs. vulnerability scanning. Understand when to use each
From doctor to pentester: Archana Singh’s inspiring journey into cybersecurity shows how passion and resilience
Explore the journeys of women in cybersecurity at OnSecurity, with insights from Product Manager Beth
OnSecurity’s CEO emphasises a merit-based hiring approach, career development, and life/work balance. By nurturing talent,
Discover the differences between ethical hacking and penetration testing, how they protect your business from
Learn how Mike Oram, VP of engineering at OnSecurity, taught himself coding, and how to
Explore API pen testing, its benefits, common vulnerabilities, and best practices to strengthen your business’s
Explore OnSecurity’s services and products for enhancing your organisation’s security posture. Understand the importance of
Unravel the essentials of ISO 27001 certification in this blog. Explore critical insights and guidelines
Explore the intricacies of this vital framework designed to fortify businesses against diverse cyber threats.
Learn how to secure SaaS applications with expert strategies for data protection, access control, compliance, and threat detection.
Learn what ISO 42001 is, why it matters, and how businesses can implement AI governance, manage risk, and align with EU AI Act compliance requirements.
Protect patient data in healthcare with essential security measures, pentesting insights, and UK data protection guidance.
Technical debt increases breach risk, slows response, and drives up costs. Learn why security debt matters and how to manage it.
Discover how 2-step authentication secures business data from breaches. Compare MFA methods to strengthen your security.
Discover what an ISMS is and how it enhances your organisation’s information security. Read our clear guide to implement effective management systems.
Tom Keyte reflects on five years at OnSecurity- from infrastructure wins to security lessons, and how his role evolved beyond just writing code.
The EU AI Act sets strict rules for AI providers and users. Learn who it applies to, key risk categories, compliance steps, and what businesses must do to prepare.
OnSecurity secures award highlighting the breakthrough year of growth, innovation and AI-augmented cybersecurity
Discover the top emerging AI security risks in 2026, including AI-driven phishing, autonomous agents, model attacks, shadow AI, and governance gaps.
Build a proactive cybersecurity culture. Learn how CISOs can drive lasting behavioural change, boost awareness, and reduce cyber risks
Turn penetration test results into action. Follow this step-by-step remediation checklist to fix vulnerabilities and boost security.
Learn 9 key cybersecurity metrics boards care about to prove ROI, reduce risk, and align security with business goals.
Explore the top penetration testing challenges CISOs face in 2025 and how AI-powered continuous pentesting is reshaping security assurance.
CEO explains his opinion on how AI is transforming cybersecurity. He explores how hackers exploit AI, how defenders fight back, and who holds the upper hand in today’s AI cybersecurity battle
Learn how to secure SaaS applications with expert strategies for data protection, access control, compliance, and threat detection.
Learn what ISO 42001 is, why it matters, and how businesses can implement AI governance, manage risk, and align with EU AI Act compliance requirements.
Learn how often to conduct cloud penetration testing based on your compliance needs, risk profile and cloud maturity level, from security experts.
Protect patient data in healthcare with essential security measures, pentesting insights, and UK data protection guidance.
Discover proactive security testing: prevent breaches before they happen, enhance compliance, and secure AI/LLM systems with continuous validation
Move beyond one-off pentests. Learn how to build a continuous assurance programme with regular testing, monitoring, and clear metrics that security leaders can track.
Discover how 2-step authentication secures business data from breaches. Compare MFA methods to strengthen your security.
Learn how supply chain attacks exploit third-party vulnerabilities and discover essential security measures to safeguard your business from costly breaches.
Discover what hackers can learn about your business online and how external attack surface discovery helps you reduce risk and strengthen security.
Discover the types of penetration testing, including network, web, mobile, cloud, API, and social engineering tests. Learn how to choose the right pentest.
Build a strong human firewall with effective security awareness training. Learn how to prevent social engineering and strengthen employee defences.
Explore the pros and cons of public and private cloud computing to determine the best fit for your needs. Learn how to secure any cloud environment with best practices.
Discover what an internal infrastructure test reveals about your systems. Gain insights to enhance security and performance. Read the article for more.
Discover what an ISMS is and how it enhances your organisation’s information security. Read our clear guide to implement effective management systems.
Discover the key differences between vulnerability assessment and penetration testing, and learn which approach is right for your security needs.
CVE-2021-44228: A new high profile zero-day vulnerability affecting large number of Java applications through a vulnerable version of the widely-used library Apache log4j.
Here you can discover the history and impact of MyDoom, the fastest spreading and most damaging computer virus to date, on OnSecurity’s informative blog post
Explore the rise of social engineering threats. Understand how individuals are manipulated to divulge sensitive information, passwords, and financial details.
Protecting the data, valuables and account information related to your business has become even more vital as our workplaces have
Apple claims that its Mac computers are well protected by in-built antivirus features, and there is no need to worry about extra security – how true is this?
This post explores each of the initial compromise methods for the TryHackMe x HackerOne CTF. Diving into the web security flaws and PHP tricks abused to gain access to the host webserver.
Delve into OnSecurity’s research on Go’s server-side template injection vulnerabilities, revealing potential for file reads and RCE exploits. Read more now.
Learn 3 essential steps to enhance your cybersecurity posture, and effectively mitigate emerging zero-day vulnerabilities for comprehensive threat protection.
Explore the challenge of vulnerabilities exploited before fixes. Learn how to address security gaps and protect against threats in this insightful discussion.
7 effective strategies to improve your company’s security. Discover actionable steps to fortify your defences against cyber threats and safeguard your business.
Craig has delved into his research on CVE-2019-11510, uncovering over 736 vulnerable hosts and sharing insights on this critical cybersecurity threat.
Do you suspect a phishing attempt? Explore this guide for actionable steps on what to do next. Get assistance in handling potential phishing incidents.
CVE hunting within open-source applications – invaluable insights for identifying vulnerabilities, ensuring robust security in open-source software.
Dive deeper into Spear Phishing, a sophisticated cyber attack targeting specific individuals to gain unauthorized access to confidential data and files.
Recruitment companies are a prime target for hackers. We go over the main aspects that recruitment companies should be careful of with their CyberSecurity
Ready to experience the future of pentesting?
Discover how combining expert insight with automation leads to faster, more precise, and high-impact penetration testing.