Appears on
Articles13
WordPress Webshell Attack WP-SHELLSTORM
An exposed criminal server reveals exactly which plugin flaws powered a mass WordPress webshell attack. Use this checklist to check your own sites now.
Bug Bounty vs Penetration Testing: A Decision Checklist for Businesses
Not sure whether to commission a penetration test or start a bug bounty programme? A practical checklist covering compliance, cost and timing for UK businesses.
North Korea’s npm Supply Chain Attack Hit Rollup Developer Tools
Researchers at JFrog traced a fresh npm supply chain attack to North Korea's Lazarus group, six lookalike packages built to steal developer credentials and cloud keys.
Black Box vs White Box Testing: How to Scope Your Next Penetration Test
Black box vs white box testing comes down to how much access you give your penetration testers. Here's how each approach, plus grey box testing, affects realism, depth, cost and which to choose.
Ransomware Without Encryption: A $1m Lesson From a US Government Hack
A US county paid roughly $1 million to a group that never encrypted a single file, exposing how far data-theft extortion has moved beyond classic ransomware.
Thick Client Penetration Testing: What to Expect
What happens during a thick client penetration test, what testers find most often, and how to choose a provider.
PTaaS vs Traditional Testing: How to Choose Penetration Testing as a Service
Penetration testing as a service and a traditional scoped engagement solve different problems. A side-by-side comparison and a simple way to decide which your business needs.
Stop Treating the Hypervisor as a Wall You Never Test
A 16-year-old hypervisor escape vulnerability in Linux KVM shows guest isolation is an assumption, not a fact. Here's why that should change how you scope security testing.
What to Do About the BeyondTrust Remote Access Bug
BeyondTrust has fixed two pre-authentication bypass flaws in Remote Support and Privileged Remote Access. Here is a practical checklist for IT teams still running self-hosted appliances.
GhostLock Exposes a Deeper Linux Kernel Patching Problem
GhostLock's real lesson isn't the bug, it's the eleven weeks most businesses spent unpatched after the fix shipped. Linux kernel patching needs urgency.
RoguePlanet: The Windows Defender Vulnerability Microsoft Left Open for a Month
A local Windows Defender vulnerability, CVE-2026-50656, let any logged-in user reach SYSTEM for nearly 29 days before Microsoft shipped a fix.
Lieber Studies Making and Shaping LOAC Volume – Between War and the Text: The Pedagogical Life of IHL
The post Lieber Studies Making and Shaping LOAC Volume – Between War and the Text: The Pedagogical Life of IHL appeared first on Lieber Institute West Point .
Beyond Compliance Symposium – What’s in the frame? Understanding everyday lived experiences of armed conflict through a lens of ‘harm+need’
The post Beyond Compliance Symposium – What’s in the frame? Understanding everyday lived experiences of armed conflict through a lens of ‘harm+need’ appeared first on Lieber Institute West Point .

