As AI tools fill submission queues with low-value findings, VDP teams are being overwhelmed by trivial duplicates, automated XSS reports, and submissions that don’t help security teams fix real issues. As a result, important findings are increasingly delayed, missed, or buried in

🛜 Pentesting Bluetooth: A few blogs on Hacking Bluetooth Low Energy 1. https://t.co/nGlSkQBecs 2. https://t.co/eDT98wGGRz 3. https://t.co/h9BvPuPwZt authors: @hacktricks_live / @attifyme

Our Ross Donald took a look at Eurostar’s public AI chatbot and found four security issues, including guardrail bypass, prompt injection, weak conversation binding, and HTML injection. The chatbot UI suggested strong controls, but server side enforcement was incomplete. By

Misconfigured Kubernetes clusters are still one of the easiest ways attackers get in. In this blog post, Craig Dowey breaks down the common Kubernetes misconfigurations we see in testing and shows how to lock down access, harden workloads, and enforce pod security admission

Eurostar AI vulnerability: when a chatbot goes off the rails - https://t.co/u015cLOlq6 by @PenTestPartners TL;DR > Found four issues in Eurostar’s public AI chatbot including guardrail bypass, unchecked conversation and message IDs, prompt injection leaking system prompts, and

We investigated a macOS infostealer variant that, at the time, had not been recorded in the wild. Delivered via a single copy and paste terminal command disguised as a Homebrew installer, the malware harvested credentials, staged user data, and attempted exfiltration using only

Nothing says “I work @PenTestPartners” more than standing in front of an audience & having a huge butt plug on the slide behind you! 🤣😉

One team, one brewery, and a year’s worth of stories to share at #PTPCON 2025. 🎉 #ptpcon #companyevent #cybersecurity #teamculture #alcoholfreeoptionsrock

Exploiting Copilot AI for SharePoint https://t.co/Ah4d3hEkw6 KQL Monitor: https://t.co/ltNa29pBsJ

It’s that #5pmFriday time again & today has been a great day for meeting up with colleagues & hanging out with G-BOAC another bad ass #GenX babe! Looking forward to our @PenTestPartners party this evening.

Hg's Digital Forum began this AM with 150 leaders focusing on ‘Business Agility in Uncertain Conditions’. So far: modern data stacks @jthandy; diversity in tech w.@awscloud & @E2ONA; and how smart dolls can be hacked to swear at your kids from Ken Munro of @PenTestPartners!

Pentesting Bluetooth: The Practical Guide to Hacking Bluetooth Low Energy 1. https://t.co/nGlSkQBecs 2. https://t.co/kkUqYO4Syk 3. https://t.co/h9BvPuPwZt #infosec #bluetooth

Every day a different floor at the cosmo. Thanks for having me over @PenTestPartners & @SecureAerospace!

We often find built-in Windows defences disabled or misconfigured during assessments. Those same controls can help stop credential theft, boot-level malware, and memory attacks when properly configured. In our latest blog post, Nicole walks through five Windows security features

“Certification is a real learning point. Researchers have to learn the process & understand that following a typical disclosure timeline of 90 days does not work when recertifying those systems can take up to 2 years replace those with aircraft” @TheKenMunroShow, @PenTestPartners

Well there we have it @TheKenMunroShow @PenTestPartners you end up in the Deutsche Espionage Museum and you find the filthy mouthed doll #Cayla and a few toys too #cybersecurity

Bypassing MFA on Microsoft Azure Entra ID https://t.co/X33jjOTIxp #Pentesting #Bypassing #Azure #CyberSecurity #Infosec

𝗖𝗼𝗻𝗳𝗲𝗿𝗲𝗻𝗰𝗲 - 𝗥𝗲𝘀𝗶𝗹𝗶𝗲𝗻𝘁 𝗜𝗼𝗧 + 𝗧𝗿𝘂𝘀𝘁𝗮𝗯𝗹𝗲 𝗔𝗜 𝗦𝗽𝗲𝗮𝗸𝗲𝗿 𝗦𝗽𝗼𝘁𝗹𝗶𝗴𝗵𝘁𝘀 & 𝗦𝗲𝘀𝘀𝗶𝗼𝗻 𝗜𝗻𝘀𝗶𝗴𝗵𝘁𝘀 Ken Munro, Founder and Partner at @PenTestPartners, will explore the growing privacy risks in IoT devices — where data collection

Oh look we're building cyber security unicorns again 🦄 @PenTestPartners do you still have the stickers?