Day in the Life of a Red Teamer: Thinking Like the Adversary 2026-06-04 at 17:38 By John Jackson There’s a persistent myth about red team operators: that the job is all zero-days, glowing terminals, and cinematic “I’m in” moments. The reality is more interesting and far more human. This article is an excerpt from LevelBlue […]
Day in the Life of a Red Teamer: Thinking Like the Adversary Read More »
Two Approaches for Offensive Testing of AI Systems: Architecture-led AI Application Penetration Test and Threat-led AI Red Team Assessment 2026-05-27 at 16:59 By Sarath Nair Artificial intelligence (AI) is changing the shape of the application attack surface. A traditional application assessment usually starts with familiar questions, such as: This article is an excerpt from LevelBlue
Lyrie: Open-source autonomous pentesting agent 2026-05-18 at 09:42 By Sinisa Markovic Penetration testing has usually required weeks of manual work, specialized tooling, and teams with narrow skill sets. Lyrie, an open-source autonomous security agent built by OTT Cybersecurity, compresses that process into a command line tool and publishes the entire codebase. The project reached version
Lyrie: Open-source autonomous pentesting agent Read More »
Threat Analysis: Backdoored Electron Apps Evading Defenses 2026-05-08 at 18:03 By Michael Morose This Threat Analysis report is part of the “Purple Team Series” in which the LevelBlue Global Security Operations Center (GSOC) provides a technical overview of some of the methods that threat actors are using to compromise their victims. This article is an
Threat Analysis: Backdoored Electron Apps Evading Defenses Read More »
Hacking Hotels via Smart Stationary Bikes: How Unsecured Gym Equipment Can Lead to RCE 2026-04-29 at 17:00 By John Lopez Internet of Things (IoT) systems in hospitality environments are often overlooked as harmless amenities, but in reality, they can operate within highly interconnected networks, turning them into surprisingly effective gateways for broader system compromise. This
Hacking Hotels via Smart Stationary Bikes: How Unsecured Gym Equipment Can Lead to RCE Read More »
25 open-source cybersecurity tools that don’t care about your budget 2026-04-27 at 10:30 By Anamarija Pogorelec Regardless of the operating system you use, managing secrets, apps, cloud, compliance, and security operations can be overwhelming. The free, open-source tools presented in this article can help you detect threats, increase visibility, enforce controls, and investigate and respond
25 open-source cybersecurity tools that don’t care about your budget Read More »
PentAGI: Open-source autonomous AI penetration testing system 2026-04-22 at 10:09 By Anamarija Pogorelec Penetration testers have long relied on collections of specialized tools, manual coordination, and documented runbooks to work through a target assessment. PentAGI, an open-source project from VXControl, attempts to automate that entire workflow using a multi-agent AI system that plans, researches, and
PentAGI: Open-source autonomous AI penetration testing system Read More »
Kali Linux 2026.1 ships BackTrack mode, eight new tools, and a kernel upgrade to 6.18 2026-03-25 at 08:07 By Anamarija Pogorelec Penetration testers running Kali Linux have a new release to work with. Version 2026.1 delivers the annual theme refresh, a new BackTrack-inspired mode in kali-undercover, eight tools added to the network repositories, a kernel
Kali Linux 2026.1 ships BackTrack mode, eight new tools, and a kernel upgrade to 6.18 Read More »
Bug bounties are broken, and the best security pros are moving on 2026-03-10 at 08:33 By Anamarija Pogorelec Penetration testing engagements are organized as scheduled contracts with defined scope, set testing windows, and direct communication channels with client teams. Cobalt’s 2026 Pentester Profile Report describes growing preference for penetration testing as a service (PTaaS) and
Bug bounties are broken, and the best security pros are moving on Read More »
What happens when AI teams compete against human hackers 2026-03-06 at 07:58 By Anamarija Pogorelec A cybersecurity competition produced what may be the largest controlled dataset comparing AI-augmented teams to human-only teams on professional-grade offensive security tasks. The event, called NeuroGrid, ran for 72 hours on the Hack The Box platform and drew 1,337 registered
What happens when AI teams compete against human hackers Read More »
BlacksmithAI: Open-source AI-powered penetration testing framework 2026-03-02 at 08:00 By Mirko Zorz BlacksmithAI is an open-source penetration testing framework that uses multiple AI agents to execute different stages of a security assessment lifecycle. A multi-agent structure for offensive workflows BlacksmithAI runs as a hierarchical system in which an orchestrator coordinates task execution across specialized agents.
BlacksmithAI: Open-source AI-powered penetration testing framework Read More »
Securing Every Layer: How LevelBlue’s Full-Stack Testing Protects Your Product and Reputation 2026-02-28 at 10:37 By Connected products, whether IoT, IIoT, embedded, mobile, or other such devices, serve to either strengthen or undermine an organization’s security posture and reputation. This article is an excerpt from LevelBlue Blog View Original Source
Open-source AI pentesting tools are getting uncomfortably good 2026-02-02 at 09:10 By Help Net Security AI has come a long way in the pentesting world. We are now seeing open-source tools that can genuinely mimic how a human tester works, not just fire off scans. I dug into three of them, BugTrace-AI, Shannon, and CAI,
Open-source AI pentesting tools are getting uncomfortably good Read More »
The 2026 State of Pentesting: Why delivery and follow-through matter more than ever 2026-01-21 at 07:34 By Help Net Security Penetration testing has evolved significantly over the past several years. While uncovering exploitable vulnerabilities remains the core goal, the real differentiator today is how findings are handled after the testing concludes. The method of reporting,
The 2026 State of Pentesting: Why delivery and follow-through matter more than ever Read More »
Product showcase: Penetration test reporting with PentestPad 2026-01-16 at 09:57 By Help Net Security If you’ve done a pentest before, you know things can get messy fast. You start organized, but a few hours in, notes are scattered, screenshots have odd filenames, and small details get lost. PentestPad was built to help with that, not
Product showcase: Penetration test reporting with PentestPad Read More »
Novee Emerges From Stealth With $51.5 Million in Funding 2026-01-14 at 15:54 By Ionut Arghire Novee provides continuous AI-driven penetration testing to uncover and address novel vulnerabilities. The post Novee Emerges From Stealth With $51.5 Million in Funding appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Novee Emerges From Stealth With $51.5 Million in Funding Read More »
Kali Linux 2025.4: New tools and “quality-of-life” improvements 2025-12-15 at 13:48 By Zeljka Zorz OffSec has released Kali Linux 2025.4, a new version of its widely used penetration testing and digital forensics platform. Most of the changes are related to appearance and usability: Kali’s GNOME desktop environment now organizes Kali tools into folders via the
Kali Linux 2025.4: New tools and “quality-of-life” improvements Read More »
Equixly Raises $11 Million for AI-Powered API Penetration Testing 2025-12-09 at 13:21 By Ionut Arghire The Italian startup will use the investment to build proprietary AI models, accelerate global expansion, and hire new talent. The post Equixly Raises $11 Million for AI-Powered API Penetration Testing appeared first on SecurityWeek. This article is an excerpt from
Equixly Raises $11 Million for AI-Powered API Penetration Testing Read More »
AI-driven threats are heading straight for the factory floor 2025-12-09 at 09:07 By Mirko Zorz In this Help Net Security interview, Natalia Oropeza, Chief Cybersecurity Officer at Siemens, discusses how industrial organizations are adapting to a shift in cyber risk driven by AI. She notes that in-house capability, especially for OT response and recovery, is
AI-driven threats are heading straight for the factory floor Read More »
Defining and Defending Against a Zero Day Attack 2025-12-02 at 16:35 By Unexpected attacks are the hardest to fend off. This article is an excerpt from Trustwave Blog View Original Source
Defining and Defending Against a Zero Day Attack Read More »