Pen Test Partners

@PenTestPartners

Followers: 9K | Following: 126 | Media: 263 | Statuses: 381

Pen Test Partners / PTP provides cyber security services to a huge variety of industries and organisations. [email protected].

Joined September 2010
@PenTestPartners
Pen Test Partners
21 hours
We were recently on @BBCMorningLive, helping pet owners understand how they’d ended up paying for microchip services they didn’t remember signing up for. But there was a lot more behind the story. 📌We’ve written up our findings in full: #CyberSecurity
@PenTestPartners
Pen Test Partners
5 days
Deleted a folder? Shellbags is the accessory you need. They’re one of the most valuable forensic artifacts for tracing user activity in Windows, even if the folders are gone. This blog post by our @jwdfir walks through how Shellbags work, how to analyse them with tools like
@PenTestPartners
Pen Test Partners
6 days
Some proposal forms for cyber insurance miss the point. Instead of asking if controls exist, we should be asking where they don’t and why. This blog post looks at why exception-based questions (like “Which systems aren’t patched, and what compensating controls are in place?”)
@PenTestPartners
Pen Test Partners
11 days
Most Android apps don’t expose much through services. But system apps? That’s where things get interesting. This blog post by @tautology0 explains how Android services work and looks into the security risks of AIDL (Android Interface Definition Language) services. They’re
@PenTestPartners
Pen Test Partners
12 days
Attackers aren’t always bringing their own tools. More and more, they’re using what’s already on your systems, like PowerShell and Rundll32, to stay off the radar. In this video, our @CyberTibiAtya explains how to catch them with chain detections and why prevention tools like
@PenTestPartners
Pen Test Partners
13 days
A live blood sugar feed. An open cloud bucket. And a slightly panicked Sunday in Colorado. We found real-time blood glucose data from continuous glucose monitors, editable and exposed in an S3 bucket. The kind of data that, if changed, could trigger dangerous insulin doses in a
@PenTestPartners
Pen Test Partners
18 days
Can AI help you examine leaked data safely? If you do it right, it can. In this blog post, our @CyberTibiAtya looks at how internal chatbot systems, built on private large language models, can support forensic investigations. He shows how AI can help find important
@PenTestPartners
Pen Test Partners
19 days
A few years back, we looked at the security of kids’ GPS tracker watches. They were meant to keep children safe, but we found the opposite. It was possible to spoof locations, activate microphones, and even use the watches to send premium-rate SMS and influence the outcome of
@PenTestPartners
Pen Test Partners
20 days
At the WiTCH - Women in Tech & Cyber Hub event, our Shelley Booker joined the panel to talk about what a path into cybersecurity looks like. It wasn’t about perfect CVs. It was about real experiences, career changes, building trust, and finding your way in a fast-moving
@PenTestPartners
Pen Test Partners
21 days
🔧 Right to repair, but not to fix security? Framework’s philosophy empowers users to open, upgrade, and repair their devices. But with great openness comes a security catch. On the Framework 13, pressing the chassis intrusion switch 10 times resets the BIOS, removing
@PenTestPartners
Pen Test Partners
25 days
A critical vulnerability in old Telerik software gave an attacker remote code execution on an SFTP-only Windows server. That meant they didn’t need credentials, antivirus didn’t trigger, and default log sizes meant almost nothing useful was captured. From there? PowerShell
@PenTestPartners
Pen Test Partners
27 days
One weakness in a single device could affect thousands. That could put real pressure on the grid. To comply, manufacturers must meet the ETSI EN 303 645 cybersecurity standard as a baseline by late 2026 or early 2027. 📌Read More: #SmartHeatPumps
@PenTestPartners
Pen Test Partners
28 days
Weak or compromised passwords are still one of the most common ways attackers get into an organisation’s network. That’s why running password audits in Active Directory is so important. But smaller companies often don’t have the time, budget, or resources to do them regularly.
@PenTestPartners
Pen Test Partners
1 month
Pet owners were asked to pay renewal fees, but to a site they’d never signed up to. The emails looked convincing because they included real details about their pets and themselves. We traced it back to weaknesses in some UK microchip databases. Shared vet logins. No MFA.
@PenTestPartners
Pen Test Partners
1 month
For years, maritime systems weren’t built with cybersecurity in mind because they didn’t need to be. Ships weren’t connected. That changed with VSAT and SATCOM, bringing always-on internet access at sea. Connectivity exposed deep technical debt. Critical onboard systems like
@PenTestPartners
Pen Test Partners
1 month
Our latest blog post explains the wide-reaching impact of the UK Cyber Security & Resilience Bill and shows why it demands attention now—not in 2026. The bill significantly extends existing regulations like NIS. It brings managed service providers, large data centres, and
@PenTestPartners
Pen Test Partners
1 month
We turned a car into a Mario Kart controller! 🏎️🎮 At PTP Cyber Fest, attendees used the steering wheel, pedals, and brakes of a real Renault Clio to play SuperTuxKart. We tapped into the CAN bus with cheap wire splicers. Mapped the signals using Python. We even wrote our
@PenTestPartners
Pen Test Partners
1 month
Our @TheKenMunroShow recently spoke at the @ISACAWinchester Chapter’s 15th anniversary AGM, presenting various topics in the world of transport cybersecurity. Real-world vulnerabilities, such as those in ships, planes, and cars, often go unnoticed when software interacts with
@PenTestPartners
Pen Test Partners
1 month
A strict-looking content security policy isn’t always a secure one. During a recent engagement, we came across a policy that had all the right bits on paper including nonces, locked-down sources, and everything you'd expect. But one missing directive "base-uri" was all it took
@PenTestPartners
Pen Test Partners
2 months
Android AI UX is great until it leaks your data. In our latest blog post, David Lodge looks at how features like Circle to Search can accidentally capture and upload sensitive information from your Android phone. It is a reminder that security controls like FLAG_SECURE are no