Alert: GitHub Bug Exposed Webhook Secrets to Recipient Endpoints

GitHub notified users on April 14th 2026 of a bug that caused webhook secrets to be leaked to recipient endpoints between September 2025 and January 2026.

You’ve defined the scope, received a quote, signed off on the statement of work, and agreed on a start date.…

Supply chain attacks like the Axios compromise exploit unpinned dependencies. Learn how to lock your npm dependency tree, block malicious install scripts, and harden your CI/CD pipeline.

Mail Transfer Agent Strict Transport Security (MTA-STS) is a security mechanism that lets mail providers declare that they can receive SMTP connections secured with TLS (Transport Layer Security). It also lets recipient mail servers instruct senders to refuse delivery to mail servers that do not offer TLS.

A practical guide to authentication security for SaaS startups. Passwords, MFA, session management, and the mistakes we find most often in real-world testing.

AI penetration testing tools may be sending your sensitive data to third-party LLMs without your knowledge. Before you sign a contract, here are the questions your vendor should be able to answer.

What is LLMNR? Link-Local Multicast Name Resolution (LLMNR) is a network protocol that acts as a fallback mechanism for DNS…

Following on from our previous blog post on scoping a web application assessment, we’ll be taking a look at what…

Your business or organisation is planning to have a penetration test – but you’ve never had one before. Let’s run…