
Offensive Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Security Perspective

Small Actions, Big Breaches: The Silent Offensive Against Your Data

Oct 17, 2025

AI and SaaS have transformed how people work, but security hasn’t kept up. New data shows most data exposure now stems from human behavior—copy, paste, and upload actions inside unmanaged browsers and AI tools.

By Bishop Fox

Security Perspective

SaaS Threats are Escalating: A Follow-Up to Our Recent Analysis

Oct 14, 2025

SaaS attacks are accelerating fast. Our latest research and fireside chat with experts from AppOmni and Bishop Fox expose how threat actors are exploiting OAuth, targeting admins, and moving laterally across cloud apps—and what defenders can do to stop them.

By Christie Terrill

Security Perspective

Burp Variables: A Burp Suite Extension

Oct 10, 2025

Burp Suite has long been the industry standard for web application testing, thanks in large part to its extensibility. Bishop Fox has built on that tradition with Burp Variables, a new extension that fills a major gap in Burp’s workflow: variable handling.  

By Bishop Fox

Advisory

YoSmart YoLink Hub version 0382

Oct 2, 2025

The following document describes identified vulnerabilities in the YoLink Hub smart device version 0382.

By Nick Cerne

Technical Research

How a $20 Smart Device Gave Me Access to Your Home

Oct 2, 2025

Bishop Fox research uncovered zero-day vulnerabilities in the YoLink Smart Hub. Anyone using the YoLink Smart Hub v0382 is at risk.

By Nick Cerne

Security Perspective

What Does “Good” Look Like in Red Teaming

Sep 22, 2025

Most red team exercises fail to deliver real value. They check compliance boxes but don't address actual business risks. Learn the difference between good and bad offensive security, plus the strategic framework that transforms red teaming from expense into ROI.

By Trevin Edgeworth

Security Perspective

State of the SaaS Security Union

Sep 16, 2025

Two threat groups are exploiting SaaS at scale: one with phishing and data theft, the other with nation-state level tactics exploiting integrations and credentials. Here’s what you need to know and how to protect against the next wave.

By Brian Soby

Technical Research

Demystifying 5G Security: Understanding the Registration Protocol

Sep 4, 2025

5G networks face critical security gaps during device registration. Despite improved architecture, unprotected initial messages and weak encryption negotiation create attack windows. Learn how to identify and mitigate these vulnerabilities.

By Drew Jones

Security Perspective

The Top Reasons Security Leaders Choose Red Teaming

Aug 27, 2025

Security leaders are turning to red teaming to test defenses against real-world adversaries. From validating investments to sharpening blue team skills, discover why this strategy is becoming a must-have for organizations serious about cyber resilience.

By Trevin Edgeworth

Security Perspective

From Talent Shortage to Cybersecurity Talent Pipeline

Aug 21, 2025

Cybersecurity faces a paradox: millions of jobs go unfilled while eager newcomers struggle to break in. This blog explores why the gap exists—and how mentorship, realistic hiring, and early-career programs can transform the shortage into a sustainable talent pipeline.

By Alethe Denis

Technical Research

Vulnerability Discovery with LLM-Powered Patch Diffing

Aug 15, 2025

Read our most recent research to see how LLMs can assist in scaling patch diffing workflows, saving valuable time in a crucial race against attackers.

By Jon Williams

Security Perspective

Building Security at Scale: The AppExchange Story

Aug 11, 2025

In our interview hosted by Bishop Fox CEO Vinnie Liu, with guests Brendan O’Connor, CEO of AppOmni, and James Dolph, CISO at Guidewire, we uncovered the fascinating origin story of Salesforce's AppExchange.

By Bishop Fox Researchers

Technical Research

Next-Level Fingerprinting: Tools, Logic, and Tactics

Aug 6, 2025

Explore how combining AI-assisted research with real-world data and signature normalization can significantly improve fingerprinting capabilities.

By Aaron Ringo

Culture

Fox Den Pull List: Our Favorite Comics

Jul 17, 2025

At Bishop Fox, thinking like an adversary comes naturally. So it’s no surprise that comics—where power, perspective, and outsider thinking collide—resonate deeply with our team. Ahead of Comic-Con 2025, we asked our Foxes: what comics still stick with you?

By Bishop Fox Researchers

Technical Research

You’re Pen Testing AI Wrong: Why Prompt Engineering Isn’t Enough

Jul 9, 2025

Conventional pen testing methods fall short with LLMs. Static prompt tests miss adversarial context manipulation and latent model behaviors. Explore how to test AI systems like an attacker.

By Brian D.

Technical Research

Sitecore Experience Platform Vulnerabilities: Critical Update Needed for Versions 10.1 to 10.3

Jun 26, 2025

Critical vulnerabilities in Sitecore Experience Platform versions 10.1–10.3 could allow unauthenticated attackers to gain full system access through a simple exploit chain. Learn what’s at risk—and how to defend against it.

By Bishop Fox Researchers

Technical Research

Sipping from the CVE Firehose: How We Prioritize Emerging Threats for Real-World Impact

Jun 25, 2025

With tens of thousands of CVEs flooding in each year, how do you spot the ones that actually matter? At Bishop Fox, we’ve built a smarter way to cut through the noise and act fast on real-world threats. Here’s how we prioritize CVEs that truly impact our customers.

By Nate Robb

Technical Research

2025 Red Team Tools – Cloud & Identity Exploitation, Evasion & Developer Libraries

Jun 18, 2025

Explore the next wave of Red Team tools focused on cloud, identity, evasion, and developer libraries—where stealth, creativity, and adaptability matter more than flashy features. Learn how Bishop Fox operators turn techniques into strategic advantage.

By Bishop Fox

Technical Research

2025 Red Team Tools – C2 Frameworks, Active Directory & Network Exploitation

Jun 4, 2025

Explore our top Red Team tools for 2025—from powerful C2 frameworks to Active Directory and network exploitation utilities. Built for real-world adversary emulation, this toolkit is your edge in offensive security. Dive into part one of our expert-curated series.

By Bishop Fox

Technical Research

Before You Red Team: Fix These 5 Common Mistakes

May 9, 2025

Attackers exploit the same 5 mistakes time and again. Red Teams spot the patterns; in this blog you will learn how to fix what adversaries count on.

By Trevin Edgeworth

Advisory

SonicWall SonicOS Versions 7.1.x and 8.0.x

Apr 24, 2025

Bishop Fox staff identified a vulnerability in SonicWall SonicOS 7.1.x and 8.0.x that allowed them to cause an affected NSv virtual appliance to reboot by sending unauthenticated requests to specific API endpoints, resulting in a denial-of-service condition.

By Jon Williams

Security Perspective

The Promise and Perils of AI: Navigating Emerging Cyber Threats - A Dark Reading Panel

Apr 16, 2025

This video features leading voices in cybersecurity examining how AI is simultaneously transforming cyber defense and supercharging attacker capabilities. Together, they explored how GenAI is reshaping the threat landscape and what security leaders must do to adapt.

By Rob Ragan

Technical Research

Epic Fails and Heist Tales: A Red Teamer’s Journey to Deadwood

Mar 31, 2025

Bishop Fox's Alethe Denis recaps and shares key insights from her talk, Epic Fails and Heist Tales: Red Teaming Toward Truly Tested Security, at Wild West Hackin' Fest.

By Alethe Denis

Technical Research

Rust for Malware Development

Mar 24, 2025

In this blog, Bishop Fox's Nick Cerne compares malware development in Rust with its C counterparts and builds a simple malware dropper for demonstration.

By Nick Cerne
