The Rise of Continuous Penetration Testing-as-a-Service (PTaaS)
Traditional penetration testing has long been a cornerstone of cyber assurance. For many organisations, structured annual or biannual tests have provided an effective way to validate security controls, support compliance requirements, and identify material weaknesses across infrastructure, applications, and external attack surfaces. However, enterprise environments now change at a pace ...
Using pentest findings to inform insurance risk assessments
Cyber insurance is now a routine part of organisational risk management, particularly for organisations with complex IT estates and growing digital exposure. As cyber incidents continue to drive operational disruption and financial loss, insurers are placing greater emphasis on understanding the true level of cyber risk they are underwriting through ...
DORA penetration testing and threat-led exercises explained
The Digital Operational Resilience Act (DORA) introduces a unified framework for managing ICT risk across the European financial sector, with key requirements, including penetration testing, coming into force in 2026. Its aim is to ensure that regulated organisations, and the critical third-party providers they rely on, can withstand, respond to ...
Sha1-Hulud Returns: A Second Wave of NPM Credential Theft
The JavaScript ecosystem is dealing with another major supply-chain incident. A second wave of the Sha1-Hulud malware, initially launched in September, has compromised thousands of projects by abusing malicious NPM packages. Over the past week, researchers have confirmed widespread credential theft, large-scale repository compromise, and automated propagation through developer tooling ...
How penetration testing supports ISO 27001 certification
ISO 27001 provides a comprehensive framework to ensure organisations understand and manage their information security risks, and validates that appropriate controls are in place to mitigate those risks. Penetration testing plays a critical role in this process by validating security measures and exposing vulnerabilities before they become incidents. In this ...
Critical IBM AIX vulnerabilities in Network Installation Manager (NIM)
On 13 November 2025, IBM published a new security bulletin highlighting four critical vulnerabilities in AIX (also known as IBM VIOS). These issues impact the NIM (Network Installation Manager) infrastructure, which provides unattended operating system installation, configuration, updates and third-party software. As such, NIM is often installed on a highly ...
How a pentest strengthens audit evidence and adds value
Penetration testing and auditing are both methods of gaining assurance, but they operate from different angles. A pentest evaluates how well security controls stand up to real-world attack scenarios, while an audit examines whether those controls are designed, implemented, and maintained according to policy or recognised standards. This article looks ...
How penetration testing services prove security and build client trust
In a world where data breaches continue to rise, organisations have become more discerning about who they trust with their information. It is no longer enough to claim that security is a priority — businesses must be able to prove it. Penetration testing, when conducted by qualified professionals, is one ...
The importance of effective penetration testing reporting
Cyber security is a battle that never truly ends. With new and increasingly sophisticated threats emerging all the time, keeping one step ahead of the hackers is challenging. Penetration testing is an indispensable tool for organisations seeking to bolster their cyber security posture. However, while the testing process is important, ...
Black box penetration testing: pros and cons
Black box penetration testing is one method among many potential approaches to securing systems, applications, networks and cloud environments. As with anything, it has pros and cons. Black box penetration testing involves assessing an asset without any prior knowledge or access to its internals, for example authenticated features, application code, ...

