The 5 Stages of a CTEM Cybersecurity Program

To beat an attacker, you have to think like one. An adversary doesn't care about your compliance reports or internal severity ratings. They care about one thing: finding an exploitable path to your critical assets. So why are we still prioritizing based on theoretical scores? A modern security...

Offensive Security for AI Systems: Concepts, Practices, and Applications

As artificial intelligence AI systems become increasingly adopted across sectors, the need for robust, proactive security strategies is paramount. Traditional defensive measures often fall short against the unique and evolving threats facing AI-driven technologies, making offensive security an...

Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a KO

Picture a cybersecurity landscape where defenses are impenetrable, and threats are nothing more than mere disturbances deflected by a strong shield. Sadly, this image of fortitude remains a pipe dream despite its comforting nature. In the security world, preparedness is not just a luxury but a...

New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids

A new strain of malicious software that's engineered to penetrate and disrupt critical systems in industrial environments has been unearthed. Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY , adding it was uploaded to the VirusTotal public malware scanning utility i...

Nighthawk Likely to Become Hackers' New Post-Exploitation Tool After Cobalt Strike

A nascent and legitimate penetration testing framework known as Nighthawk is likely to gain threat actors' attention for its Cobalt Strike-like capabilities. Enterprise security firm Proofpoint said it detected the use of the software in mid-September 2022 by a red team with a number of test emai...

Guide: How to Hack API in 60 minutes or API Threats Simulation with Open-Source Tools

What is API? API is the abbreviation for Application Programming Interface, which is a product middle person that permits two applications to converse with one another. Useful link: Api security tutorial for beginners and professionals What Is API Testing: Benefits, Types, How To Start ‍OpenAPI...

When Time is of the Essence – Testing Controls Against the Latest Threats Faster

A new threat has hit head the headlines Robinhood anyone?, and you need to know if you're protected right now. What do you do? Traditionally, you would have to go with one of the options below. Option 1 – Manually check that IoCs have been updated across your security controls. This would require...

IBM Opens Attack Simulation Test Center

CAMBRIDGE, Ma. – IBM cut the ribbon on its new global security headquarters Wednesday that will also serve as command center for its just announced X-Force Incident Response and Intelligence Services. The centerpiece of the new 153,000-sqft facility is the company’s Cyber Range which IBM bills as...