We know GenAI is risky, so why aren’t we fixing its flaws? 2025-06-27 at 07:33 By Help Net Security Even though GenAI threats are a top concern for both security teams and leadership, the current level of testing and remediation for LLM and AI-powered applications isn’t keeping up with the risks, according to Cobalt. GenAl […]
We know GenAI is risky, so why aren’t we fixing its flaws? Read More »
XBOW’s AI reached the top ranks on HackerOne, and now it has $75M to scale up 2025-06-25 at 12:48 By Sinisa Markovic XBOW has raised $75 million in Series B funding to grow its AI-driven offensive security platform. The round was led by Altimeter’s Apoorv Agrawal, with participation from existing investors Sequoia Capital and Nat
XBOW’s AI reached the top ranks on HackerOne, and now it has $75M to scale up Read More »
Unleash the Tiger: Fast, Smart, and Targeted Cybersecurity Testing from Trustwave SpiderLabs 2025-06-19 at 21:54 By Learn all about Trustwave SpiderLabs’ new Tiger Team Testing. Get rapid, targeted, and cost-effective security assessments. Discover how Tiger Teams differ from traditional red and purple teams. Learn about their focused approach for faster, more efficient vulnerability detection. Identify
Review: Learning Kali Linux, 2nd Edition 2025-06-16 at 07:32 By Mirko Zorz Kali Linux has long been the go-to operating system for penetration testers and security professionals, and Learning Kali Linux, 2nd Edition by Ric Messier aims to guide readers through its core tools and use cases. This updated edition introduces new material on digital
Review: Learning Kali Linux, 2nd Edition Read More »
Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools 2025-06-14 at 12:17 By Zeljka Zorz OffSec has released Kali Linux 2025.2, the most up-to-date version of the widely used penetration testing and digital forensics platform. KDE Plasma 6.3 in Kali Linux 2025.2 (Source: OffSec) New in Kali Linux 2025.2 As per usual, the newest
Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools Read More »
Researchers warn of ongoing Entra ID account takeover campaign 2025-06-12 at 19:50 By Zeljka Zorz Attackers are using the TeamFiltration pentesting framework to brute-force their way into Microsoft Entra ID (formerly Azure AD) accounts, Proofpoint researchers have discovered. “Proofpoint’s research indicates that while simulated intrusions using TeamFiltration date back nearly to the tool’s initial release
Researchers warn of ongoing Entra ID account takeover campaign Read More »
Build a mobile hacking rig with a Pixel and Kali NetHunter 2025-06-12 at 08:32 By Mirko Zorz A cybersecurity hobbyist has built a compact, foldable mobile hacking rig that runs Kali NetHunter on a Google Pixel 3 XL. It’s called the NetHunter C-deck, and it packs serious functionality into a small, 3D-printed shell. NetHunter C-deck
Build a mobile hacking rig with a Pixel and Kali NetHunter Read More »
Red Teaming Around the World (UK and Europe vs. US) 2025-06-02 at 20:36 By Philip Pieterse Regional Nuances: Explore the key differences in Red Teaming approaches across the UK, Europe, and the US, including regulatory frameworks and threat modeling. Red Team vs. Penetration Testing: Understand the distinct objectives, scopes, and durations of Red Team engagements compared to pen
Red Teaming Around the World (UK and Europe vs. US) Read More »
Product showcase: Smarter pentest reporting and exposure management with PlexTrac 2025-06-02 at 09:03 By Help Net Security The threat landscape is evolving faster than ever. Staying ahead means going beyond automated scans and check-the-box assessments. It demands continuous, hands-on testing through a security approach that proactively identifies, prioritizes, and mitigates threats in real time. To
Product showcase: Smarter pentest reporting and exposure management with PlexTrac Read More »
From Simulation to Strategy: Evolving Your Red and Purple Teaming Approach 2025-05-13 at 16:01 By Red and Purple Teaming: Strategic Evolution – Discover how modern security assurance programs are shifting from one-off simulations to strategic, continuous improvement. Real-World Insights from Security Leaders – Learn from Trustwave experts on leveraging red and purple team testing to uncover security
From Simulation to Strategy: Evolving Your Red and Purple Teaming Approach Read More »
Autorize: Burp Suite extension for automatic authorization enforcement detection 2025-05-07 at 08:02 By Help Net Security Autorize is an open-source Burp Suite extension that checks if users can access things they shouldn’t. It runs automatic tests to help security testers find authorization problems. Autorize installation To use Autorize, you’ll need Burp Suite and Jython. Here’s
Autorize: Burp Suite extension for automatic authorization enforcement detection Read More »
GoSearch: Open-source OSINT tool for uncovering digital footprints 2025-04-28 at 08:01 By Help Net Security GoSearch is an open-source OSINT tool built to uncover digital footprints linked to specific usernames. Designed for speed and accuracy, it lets users quickly track someone’s online presence across multiple platforms. GoSearch incorporates data from Hudson Rock’s Cybercrime Database, offering
GoSearch: Open-source OSINT tool for uncovering digital footprints Read More »
Terra Security Raises $8M for Agentic AI Penetration Testing Platform 2025-04-23 at 11:57 By Ionut Arghire Cybersecurity startup Terra Security has raised $8 million in seed funding from SYN Ventures, FXP Ventures, and Underscore VC. The post Terra Security Raises $8M for Agentic AI Penetration Testing Platform appeared first on SecurityWeek. This article is an
Terra Security Raises $8M for Agentic AI Penetration Testing Platform Read More »
Review: The Ultimate Kali Linux Book, Third Edition 2025-04-10 at 07:31 By Mirko Zorz Packed with real-world scenarios, hands-on techniques, and insights into widely used tools, the third edition of the bestselling Ultimate Kali Linux Book offers a practical path to learning penetration testing with Kali Linux. About the author Glen D. Singh, a seasoned
Review: The Ultimate Kali Linux Book, Third Edition Read More »
APTRS: Open-source automated penetration testing reporting system 2025-04-09 at 07:46 By Mirko Zorz APTRS is an open-source reporting tool built with Python and Django. It’s made for penetration testers and security teams who want to save time on reports. Instead of writing reports by hand, users can create PDF and Excel files directly in the
APTRS: Open-source automated penetration testing reporting system Read More »
Exegol: Open-source hacking environment 2025-03-31 at 08:02 By Mirko Zorz Exegol is a community-driven hacking environment, which helps users deploy hacking setups quickly and securely. It’s made for penetration testers, CTF players, bug bounty hunters, researchers, defenders, and both new and experienced users. Exegol offers clean, secure environments. Each project can have its own Docker
Exegol: Open-source hacking environment Read More »
The Crucial Role Trustwave Red Team Exercises Play in Enhancing Cybersecurity 2025-03-28 at 15:09 By Uncover Critical Cybersecurity Gaps: Learn how Trustwave SpiderLabs’ Red Team identified vulnerabilities in a US-based healthcare system. Real-World Red Team Insights: Explore key findings from simulated attacks that reveal how adversaries could compromise sensitive data. Healthcare Cybersecurity Trends: Access exclusive
The Crucial Role Trustwave Red Team Exercises Play in Enhancing Cybersecurity Read More »
Kali Linux 2025.1a drops with theme refresh, Kali NetHunter updates 2025-03-20 at 09:32 By Help Net Security Kali Linux 2025.1a is now available. This release enhances existing features with improvements designed to streamline your experience. 2025 theme refresh Kali Linux 2025.1a introduces an annual theme refresh, maintaining a modern interface. This year’s update debuts a
Kali Linux 2025.1a drops with theme refresh, Kali NetHunter updates Read More »
Hetty: Open-source HTTP toolkit for security research 2025-03-10 at 08:17 By Help Net Security Hetty is an open-source HTTP toolkit designed for security research, offering a free alternative to commercial tools like Burp Suite Pro. Built with the needs of penetration testers, security professionals, and bug bounty hunters in mind, Hetty provides a set of
Hetty: Open-source HTTP toolkit for security research Read More »
Dalfox: Open-source XSS scanner 2025-02-26 at 08:20 By Mirko Zorz DalFox is an open-source tool for automating the detection of XSS vulnerabilities. With powerful testing capabilities and a wide range of features, it makes scanning, analyzing parameters, and verifying vulnerabilities faster and easier. “The uniqueness of Dalfox lies in its speed and ability to easily
Dalfox: Open-source XSS scanner Read More »