Insights on vulnerabilities, cloud security, API testing, compliance, and penetration testing - written by the consultants who do the work.
Three years on from CVE-2023-34362 (MOVEit Transfer SQLi) and the Cl0p mass-exploitation campaign that defined modern data-exfiltration ransomware. Plus the 2024-2025 ransomware retrospective: LockBit takedown, BlackCat exit-scam, and what survives them.
Read articleTwo years after regreSSHion (CVE-2024-6387), the OpenSSH CVE that didn't quite weaponise globally - plus what CUPS, OpenSSL, and the rest of the critical OSS stack look like in April 2026.
It's been a year since CVE-2025-30066 (the tj-actions/changed-files compromise) and the XZ Utils backdoor (CVE-2024-3094) is two years old this month. Where supply-chain defence stands, what changed, and what most teams still haven't done.
Microsoft shipped fixes for more in-the-wild zero-days in 2024 than in any prior year - and the Windows MSHTML, TCP/IP, and Task Scheduler issues remain pre-prevalent on unpatched estate. A February inventory of the Microsoft CVEs you still need to verify are gone.
Two years after Snowflake, the credential-theft + SaaS-misconfiguration pattern is the most consistent breach vector we triage. A digest of the real incidents and CVEs that should anchor your January retrospective.
tj-actions/changed-files was compromised in March 2025 and used to leak CI secrets across thousands of repositories. Plus Q1 2025's other actively-exploited zero-days, what was chained with what, and what defenders should patch first.
WordPress, Drupal, and Joomla took the brunt of 2024's web compromises - and the pattern was the same as 2023. What Wordfence, Sucuri, and Patchstack data tells us, plus the controls that materially reduce breach probability.
Snowflake customer compromises, Microsoft Midnight Blizzard, AnyDesk - the 2024 cloud incident pattern was consistent: stolen credentials reused against unprotected SaaS. Eight failure modes, ranked by real-world incident frequency.
The shared-responsibility model isn't ambiguous - it's just frequently unread. A practical map of what AWS, Azure, and GCP own versus what you own, and the three architectural patterns that move the needle for mid-market customers.
API4:2023 (resource consumption) and API6:2023 (sensitive business flows) are where the most expensive bugs hide. Plus GraphQL aliasing, depth attacks, and introspection - the failure modes scanners cannot find.