MFA was a strong control in the environment. It was also the key to breaking it. Legacy NIS + Duo Auth Proxy + a RADIUS shared secret = full domain compromise. New technical blog walks the full attack chain from unauthenticated Apache NiFi RCE to DCSync: ow.ly/1qCO50Z92mM
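The post above names a RADIUS shared secret as the pivot point but does not say why that secret is worth a domain. The following is an added example, not code from the linked NetSPI blog and not a reproduction of its attack chain: it implements the RFC 2865 section 5.2 scheme by which a RADIUS client (a Duo Auth Proxy acting as a RADIUS server receives exactly this) hides the User-Password attribute. The hiding is MD5-keystream XOR keyed only by the shared secret and the per-packet Request Authenticator, so anyone who holds the secret and can see the traffic recovers every password in the clear. The secret, Request Authenticator and password in the block are constructed values; nothing is taken from a real capture.

```python
"""RFC 2865 User-Password hiding: why a RADIUS shared secret is a credential key.

Constructed example: the secret, Request Authenticator and password below are
made up; nothing here comes from a real capture or from the linked blog.
"""
import hashlib


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, shared_secret: bytes, authenticator: bytes) -> bytes:
    """Hide a User-Password as a RADIUS client does (RFC 2865 section 5.2).

    The password is null-padded to a multiple of 16 bytes, then each 16-byte
    block is XORed with MD5(secret || previous ciphertext block); the first
    block uses the 16-byte Request Authenticator instead of a previous block.
    """
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 0 < len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden = bytearray()
    prev = authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(shared_secret + prev).digest()
        block = _xor(padded[i:i + 16], keystream)
        hidden += block
        prev = block
    return bytes(hidden)


def unhide_password(hidden: bytes, shared_secret: bytes, authenticator: bytes) -> bytes:
    """Reverse hide_password. Anyone holding the shared secret and the packet
    can do this; the scheme gives no protection once the secret is known."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    plain = bytearray()
    prev = authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        keystream = hashlib.md5(shared_secret + prev).digest()
        plain += _xor(block, keystream)
        prev = block
    return bytes(plain).rstrip(b"\x00")


# Constructed values standing in for what an Access-Request through a RADIUS
# proxy would carry. The authenticator is fixed so the example is reproducible;
# the secret is hypothetical (think: one recovered from a legacy config store).
SHARED_SECRET = b"legacy-radius-secret"
REQUEST_AUTHENTICATOR = bytes(range(16))
CAPTURED_HIDDEN = hide_password(b"Winter2026!Password", SHARED_SECRET, REQUEST_AUTHENTICATOR)


def recover_with_secret(secret: bytes) -> bytes:
    """What an on-path observer recovers from CAPTURED_HIDDEN with a given secret."""
    return unhide_password(CAPTURED_HIDDEN, secret, REQUEST_AUTHENTICATOR)


if __name__ == "__main__":
    print("with the right secret :", recover_with_secret(SHARED_SECRET))
    print("with the wrong secret :", recover_with_secret(b"not-the-secret"))
```

The same secret also keys the Response Authenticator (MD5 over the reply header, the Request Authenticator, the attributes and the secret), so a holder of the secret can forge Access-Accept replies as well as read passwords; that is why a RADIUS secret sitting in a legacy directory such as NIS is a credential-layer compromise rather than a configuration nit.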
NetSPI Labs Researcher, @WebbinRoot, talks today at 11:40am PT. Live stream his session on OCInferno, an enumeration and graphing framework using OpenGraph for BloodHound-style attack path analysis: lnkd.in/gAcBvNCf
Tomorrow (June 1) is fwd:cloudsec North America! If you can't be there, watch the live stream: Day 1, Room 1: youtube.com/live/w4FxLj4Bm3o Day 1, Room 2: youtube.com/live/o5xM78udB64 Day 2, Room 1: youtube.com/live/cw4O7wJsvRM Day 2, Room 2: youtube.com/live/EM5SzIjOgik
May 28
Employees are trained to be skeptical of suspicious emails, but physical phishing vectors are a blind spot. Attackers are getting creative. See how a fortune cookie in a breakroom led to harvested employee credentials: ow.ly/ICJ250Z4PE0
May 27
Your external attack surface changes every time you deploy something new. Attackers notice. NetSPI's continuous external pentesting identifies and validates real risk across your internet-facing assets as they change, not months later: ow.ly/uNMQ50Z1aL1
May 26
Critical Drupal PostgreSQL SQL injection vulnerability. Unauthenticated attackers can run arbitrary SQL queries, leading to full database compromise or RCE. Actively exploited in the wild. Patch now. ow.ly/NuyZ50Z4sCw #Drupal #CVE #proactivesecurity #PatchNow
May 22
Finding vulnerabilities is only half the battle. Getting them to the right team fast enough is where most programs break down. NetSPI's agentic MCP integrations automate that handoff, no manual data entry required. Learn more: ow.ly/3aik50Z1aHr
May 22
UEFI flaws hide before your OS even loads. NetSPI's Larry 'Patch' Trowell built a blueprint for finding them without physical hardware. Read more: ow.ly/nzg250Z2Rfr
May 21
New Hack Responsibly podcast episode 🎧 @kfosaaen talks to James Albany. Topics: continuous testing, AI in pentesting, overlooked attack surfaces, and breaking into a data center with a credit card. Listen here: ow.ly/jQzZ50Z2Gtb #podcast #hackresponsibly
May 19
Cloud misconfigurations don't wait for your next scheduled test. Neither should your security program. NetSPI's continuous cloud pentesting catches excessive permissions, exposed services, and misconfigurations as they emerge: ow.ly/rLsE50Z1aCa #CloudSecurity #Pentesting
May 15
Continuous pentesting keeps visibility current as your attack surface evolves. NetSPI finds real risk as it appears, not months later. Learn more: ow.ly/sN9n50YZ85s #continuouspentesting #proactivesecurity
May 12
Automation creates noise. Point-in-time testing leaves gaps. The answer is continuous, human-validated security testing. NetSPI's Continuous Pentesting finds and validates real risk as your environment changes. Read more: ow.ly/FYCZ50YY9Es
May 12
NetSPI launches AI-powered Continuous Pentesting. Your attack surface never stops evolving. Your security program shouldn't either. Human-led. AI-accelerated. Continuously validated. Learn more: ow.ly/ixUJ50YY9uK
#WorldPasswordDay: even mature orgs face credential exposure through third-party breaches, password reuse, or social engineering. Prevention matters. NetSPI's dark web monitoring helps you find out faster. ow.ly/vAHB50YW3hh
This allows an unauthenticated, remote attacker to execute arbitrary code with root privileges on affected devices. Active exploitation has been confirmed.
PATCH NOW! CVE-2026-41940 | cPanel & WHM Authentication Bypass. This allows a remote, unauthenticated attacker to gain root-level admin access by injecting arbitrary values into a server-side session file, effectively bypassing all credential checks. ow.ly/59Sm50YTxlu
PATCH NOW! CVE-2026-35616 & CVE-2026-21643 – Fortinet FortiClientEMS. These vulnerabilities have been exploited in the wild & allow unauthenticated attackers to bypass API authentication & execute unauthorized code or commands. Learn more: ow.ly/aWWQ50YF1Lh
Mar 26
In the latest Hack Responsibly podcast, @kfosaaen and Thomas Elling discuss proactive cloud defense and mitigating strategic risk from chained vulnerabilities. Listen to the episode here: ow.ly/fQuL50YzaZo
Mar 24
On March 24, 2026, a severe compromise was identified in LiteLLM, a widely adopted open-source LLM proxy framework. A compromise at this centralized layer exposes your entire LLM provider surface area. Read more: ow.ly/ZOkV50YyoBB
Mar 17
Don't miss the big announcement tomorrow. The future of pentesting is almost here.