Threat Brief: Supply-Chain, Trusted Vendor Attack Surfaces Rising
An uptick in third-party and vendor compromises shows how attackers are targeting trust chains. Here’s what to fix right now before your partners become your breach vector.
Security news, explainers, and the craft — built for practitioners
Short, practical writing on hacking, defensive strategy, and operational security.
Latest News
Breaking updates and industry coverage
Threat Brief: Qantas Leak and Oracle Zero‑Day
This week’s brief focuses on two major events: a data leak impacting Qantas and dozens of other companies, and a zero‑day vulnerability exploited in Oracle’s E‑Business Suite
SIM Farm Discovered by Federal Agents
Investigators reference organized crime and possible foreign links, but no public arrests yet.
Cyber Outage Alert: CrowdStrike Hit by Major Disruption
The disruption, stemming from a junior engineer pushing out a bad update, has left many businesses offline, vulnerable and scrambling to secure their systems.
Laundering site Sinbad seized
Cryptocurrency mixers, like Sinbad, allow users to deposit crypto, which is then mixed among various wallet addresses to obscure its traceability.
Not my dearest Okta :(
Cybersecurity month may be over, but the breaches don't stop.
Featured Articles
Deep dives, tutorials, and analysis
Announcing Redteam Relay News
After building Redteam Relay as my practitioner’s notebook, I’m extending it to deliver a focused news feed. The core mission doesn’t change: short, practical writing on hacking, defensive strategy and operational security. This site blends offensive perspective with defensive execution to help you move quickly. Making timely news part of that was the logical next step.
Fending off the Lynx Group Ransomware
A short write-up of how we mitigated an attack for a client
Cyber Warfare in the Middle East: A Growing Concern
This is my way of bringing some of the conflict to light.
Emerging Threat Alert: ShadowSyndicate
Cybersecurity experts have exposed a new cybercrime entity named ShadowSyndicate (formerly Infra Storm), which may have harnessed up to seven different ransomware families in the past year.
Exciting News: October is Cybersecurity Awareness Month!
Get ready to dive deep into the world of digital defenses because October is Cybersecurity Awareness Month!
Enter Snatch: A ransomware-as-a-service (RaaS) operation
They've been active since 2018 and are back in the spotlight this week.
Insider Threat Alert: Meet Gold Melody – The Cybercrime Group Selling Your Company's Secrets!
Today, let's delve into one of the most intriguing threat actors: insiders selling access to your very own organization!
Turning Security Awareness into Security Culture!
Let's take a dive into the culture of security together.
TeamsPhisher Tool Release by Navy's Red Team
You can take a look at the tool and its operation in the picture here.
Explore Topics
Navigate by category
Red Team Commands
250+ adversary simulation commands
Hacking Operating Systems
Kali, Parrot, BlackArch & more
Curated Toolset
100 security tools & automation
Practical Guides
100+ how-to guides & tutorials
Certifications
Your 2025 certification roadmap
Practice Labs
100+ hands-on training platforms
AI/LLM Jailbreaks
2025 prompt injection techniques
Methodologies
Attack frameworks & kill chains
Cheat Sheets
Quick reference for common attacks
Resources
Essential security frameworks
Essential Resources
Curated security frameworks and references
MITRE ATT&CK
Adversary tactics & techniques
OWASP Top 10
Web application security risks
CIS Controls
Critical security controls
NIST Framework
Cybersecurity framework
SANS Top 25
Most dangerous software weaknesses
CVE Database
Common vulnerabilities & exposures
Exploit Database
Public exploit archive
HackerOne Directory
Bug bounty programs
Author Spotlight
Meet the mind behind the content
