External network, web application, internal, API, cloud, social engineering: the types of penetration testing explained, with a practical guide to deciding which your business should commission first.
Rebecca Sutton
Rebecca Sutton
Rebecca is a dedicated cybersecurity writer who specialises in transforming complex technical concepts into clear, accessible content. With a strong background in IT and a passion for digital security, she produces insightful articles, guides, and thought-pieces that bridge the gap between technical experts and wider audiences.
-
-
Three critical Fortinet FortiSandbox vulnerabilities are being actively exploited. Here is what your team needs to check, patch and verify before attackers get there first.
-
Penetration test costs in the UK range from £2,500 to £25,000, but the number depends entirely on scope. This guide helps you work out what you need before you ask …
-
A now-patched Microsoft Copilot vulnerability let attackers steal emails, MFA codes and files with one click. The fix is in, but the underlying dynamic: AI tools with sweeping access inside …
-
A CDN-level supply chain attack backdoored over 1.2 million WordPress sites via OptinMonster, TrustPulse and PushEngage. Here is exactly what to check and how to clean up.
-
Penetration testing is a controlled attack on your own systems to find exploitable weaknesses before real attackers do. This guide covers how it differs from a vulnerability scan, the main …
-
MIT’s Fractal OS found three previously unknown security behaviours in the Apple M1, including the first confirmed Phantom speculation on Apple Silicon. The findings say less about how dangerous the …
-
The Gentlemen ransomware group has claimed 478 victims — including a UK business used to breach a client — by exploiting unpatched VPN appliances and spending weeks inside networks before …
-
ShinyHunters exploited CVE-2026-35273 for nearly two weeks before Oracle published any advisory. The flaw is serious — but the disclosure gap is the structural failure that put 100 organisations at …
-
Velvet Ant’s decade inside a target network reveals a gap that affects most security programmes: the tools used to report security health are not designed to detect a Linux PAM …