Offensive Security stories
Hidden tracking markers and a US standoff over a vulnerability-finding model are fuelling fears that AI now carries cyber and national security risks.
Security leaders can now map team gaps more precisely as the platform adds crisis simulation, AI coaching and SOC training tools.
Organisations risk missed exposures as cloud, APIs and AI systems change far faster than annual security checks can keep up.
Enterprise security teams gain a new AI-assisted way to spot exploitable code flaws, as IBM widens its cyber work with OpenAI.
The move aims to help defenders turn faster vulnerability discovery into working fixes, as OpenAI broadens access to its cyber tools and partners.
Public release of the Mini Shai-Hulud code means copycat attacks can now hit developers, CI/CD systems and open-source supply chains.
With AI speeding up attacks, 53% of security leaders say point-in-time tests are already outdated by the time reports land.
Cybersecurity teams fear the release could speed up vulnerability hunting on both sides, forcing faster patching and tighter controls.
Periodic penetration tests miss most systems, prompting Australian and New Zealand firms to use AI-driven checks for broader coverage and faster risk spotting.
Security buyers get a stronger benchmark as CREST-certified testers gain faster access to Synack's vetted red team for client engagements.
Passes in a sponsored hacking exam will trigger USD $1,000 in training credits for underserved communities, with up to USD $1 million on offer.
Only 12% of chief information security officers have recently validated controls they expect to stop intruders moving sideways through networks.
Industrials remained the main target as the monthly ransomware total eased 7%, even as The Gentlemen surged to second place among active gangs.
A financial services cloud was taken over in seconds in a test, highlighting how approved permissions can still let attackers reach full AWS control.
The certifications may help reassure UK customers and public-sector buyers as cyber breaches remain widespread and scrutiny of suppliers intensifies.
Developers can now pull thousands of hardened container images for free, as the company drops registration and expands access across its library.
Continuous attack testing aims to help customers spot exploitable gaps before criminals do, including misconfigurations hiding outside core systems.
Exploited software flaws are now overtaking stolen passwords as the main breach route, sharpening pressure on security teams to patch faster.
Enterprises could cut remediation noise as attacker-validated findings are ranked against business context, ownership and exploit paths.
The platform aims to speed application security reviews by about 20% while keeping expert testers in charge of final findings.