Insights

    Blog and Knowledge

    Insights from ethical hackers on the front lines of cybersecurity. Practical guidance, threat intelligence, and lessons learned from real security engagements.

    AI Security

    Agentic AI Supply Chain Security: When Your Agent's Skills Become the Attack Path

    Agent skills, plugins and MCP servers are executable code, not passive configuration. CVE-2026-25253 was the first CVE ever assigned to an agentic AI system. Here is how to test and harden the supply chain behind your agents.

    July 2026
    Read more
    AI Security

    Your AI Agent Can Reach Your Production Database. Have You Tested That?

    Coding agents and MCP servers hold real access to your code, CRM, and production. A prompt is not a permission layer. Here is what to test and why it matters.

    June 2026
    Read more
    AI Security

    Is Your Vibe-Coded App Leaking Data? Why AI-Built Dashboards Need a Pentest

    Anyone can now build a working app from a text prompt with tools like Lovable or Bolt, and those apps reach production with broken authorisation and exposed data. Scanners miss it. Here is what a pentest on a vibe-coded app finds, and why the platform's own checks will not save you.

    June 2026
    Read more
    Cloud Security

    Cloud IAM Pentesting: The Identity Misconfigurations Attackers Actually Exploit

    A cloud IAM pentest and configuration audit reveal whether role assignments, PIM gaps, conditional access scope, and service principal sprawl in Entra ID, AWS, and GCP can actually be exploited.

    June 2026
    Read more
    Social Engineering

    Deepfake Vishing: When Employees Can No Longer Trust a Familiar Voice

    AI voice cloning can now convincingly impersonate an executive or IT support call. We look at how deepfake vishing works and what actually stops it.

    June 2026
    Read more
    AI Security

    How to Discover Shadow AI in Your Organisation

    Shadow AI hides across identity, SaaS, endpoints, code and cloud, and no single tool sees all of it. Here is how to discover unapproved AI tools with the logs you already have, and where a one-time audit stops and human validation begins.

    June 2026
    Read more
    Pentesting

    From a Misconfigured Grafana to 507 Private Meta Repos: A Bug Worth $157K

    A routine recon flag on a public Meta IP running an open Grafana grew into a five-hop chain that ended at 507 private Meta repositories. We proved impact without cloning a single file. Meta awarded $157K.

    May 2026
    Read more
    Pentesting

    Retest included in every pentest

    A pentest without a retest is only half the job. Here is what a retest is, why verifying your fixes matters, and why Sectricity always includes the retest and report in the price.

    May 2026
    Read more
    CEO Fraud

    What is CEO Fraud? Executive Impersonation Attacks Explained for Finance Teams

    CEO fraud is a targeted form of Business Email Compromise where criminals impersonate senior executives to trick finance or HR staff into making urgent payments or sharing sensitive data. This guide explains how the attacks work, why they succeed, and which concrete procedures reliably stop them in 2026.

    May 2026
    Read more
    Hacked

    Am I Hacked? 10 Warning Signs and What to Do Next

    Think you might be hacked? Learn the 10 most reliable warning signs of compromise, the first 5 actions to take in order, and when to call professional incident response support.

    May 2026
    Read more
    Pentesting

    What is a Vulnerability Assessment?

    A vulnerability assessment scans for known weaknesses, but scanning alone never tells the whole story. Here is what it covers, where it stops, and why human validation turns a raw list into real risk.

    April 2026
    Read more
    Awareness

    What is Swishing?

    Most phishing training is forgotten within weeks. Swishing turns phishing awareness into a game, so people practise catching attacks in realistic scenarios and actually keep what they learn.

    April 2026
    Read more
    Phishing

    What is Smishing?

    Smishing is phishing via SMS or WhatsApp. This article explains what smishing is, why it works so well, typical attack scenarios, and how companies protect their employees with simulations, processes and awareness training.

    April 2026
    Read more
    Social Engineering

    What is Social Engineering?

    Social engineering is the most effective attack technique in modern cybercrime because it targets people instead of systems. This article explains what social engineering is, the main variants, why it works so well, and what companies can concretely do to make their people resilient.

    April 2026
    Read more
    Phishing

    What is Phishing?

    Phishing does not succeed because of technology, but because of timing, context and human reflex. This article explains what phishing is, which types exist and how companies reduce successful attacks.

    April 2026
    Read more
    Red Teaming

    Red Teaming: When Your Organisation Needs More Than a Pentest

    A penetration test tells you where vulnerabilities exist. A red team exercise tells you whether your organisation can detect, contain, and respond to a real attack. This guide explains what red teaming is, when you need it, and how it differs from a standard pentest.

    March 2026
    Read more
    AI Security

    Prompt Injection Explained: How Attackers Manipulate Your AI Systems

    Prompt injection is the most common attack against AI systems in production. This guide explains how it works, why standard security controls miss it, and what you can do to reduce the risk before the EU AI Act deadline hits.

    March 2026
    Read more
    Social Engineering

    Social Engineering Assessment: What We Test and Why It Matters

    Phishing filters and endpoint protection stop most automated attacks. Social engineering targets the one thing no filter can block: your people. This guide explains what a social engineering assessment tests, how each technique works, and what your organisation learns from it.

    March 2026
    Read more
    Phishing

    How to Solve Phishing Structurally: Identity, Telecom and Payments

    Phishing keeps working because the underlying systems still allow impersonation. This article looks at identity, telecom and payment-side controls in the EU and shows which interventions actually reduce damage structurally.

    March 2026
    Read more
    Awareness

    Security Awareness Training: Why It Matters and How to Build a Programme That Works

    Most breaches start with human error. Security awareness training reduces that risk, but only if it goes beyond annual e-learning. This guide covers what works, what does not, and how to build a programme your staff will actually remember.

    March 2026
    Read more
    Compliance

    AI, NIS2, and the EU AI Act: What Security and Compliance Teams Need to Do After the May 2026 Digital Omnibus Agreement

    NIS2, the EU AI Act, and DORA now converge on organisations deploying AI. After the May 2026 Digital Omnibus agreement, deadlines shifted to 2 December 2027 (Annex III) and 2 August 2028 (Annex I). This guide maps where the three frameworks overlap and how a single integrated assessment satisfies all three.

    February 2026
    Read more
    Compliance

    EU AI Act: What Does It Mean for Your Security and Compliance after the Digital Omnibus Agreement (May 2026)?

    The May 2026 Digital Omnibus agreement moved EU AI Act high-risk deadlines to 2 December 2027 (Annex III) and 2 August 2028 (Annex I). What does that mean for your AI security, compliance, and governance?

    February 2026
    Read more
    Compliance

    Incident Response Plan: What to Do in the First 72 Hours After a Cyberattack

    NIS2 and DORA require you to report significant incidents within 24 hours. Most organisations have no plan for the first 72 hours. This guide covers what an incident response plan must contain, who does what, and how to meet your regulatory reporting obligations under pressure.

    February 2026
    Read more
    Compliance

    Penetration Testing in the EU: What You Need to Know in 2026

    NIS2, DORA, the EU AI Act, and ISO 27001 all require security testing. This guide explains what each regulation demands, where they overlap, and how to build one testing programme that satisfies all four.

    February 2026
    Read more
    Compliance

    NIS2 Penetration Testing Checklist: What your auditor really wants to see in 2026

    Discover which penetration testing and security testing auditors really expect for NIS2 compliance across Belgium, the Netherlands and the EU. Includes a practical checklist, audit pitfalls and concrete steps to become provably compliant and audit-ready.

    February 2026
    Read more
    Pentesting

    Pentest Subsidies in Belgium: How the kmo-portefeuille and VLAIO Cut Your Security Costs

    Flanders now reserves its SME advisory subsidy exclusively for cybersecurity. What that means in practice: 45% off a pentest for small companies, and up to 50% for larger improvement tracks.

    February 2026
    Read more
    AI Security

    AI Systems Penetration Testing: How to Test the Security of an AI System

    AI systems introduce attack surfaces that standard penetration testing does not cover. This guide explains how to test the security of an AI system, what the EU AI Act requires, and how AI pentesting differs from conventional application security testing.

    January 2026
    Read more
    Cyber Insurance

    Cyber Insurance in 2026: What Insurers Require and How a Pentest Helps

    Cyber insurers are tightening requirements. Organisations without documented security testing, MFA, and incident response plans are facing higher premiums or outright exclusions. This guide explains what insurers actually assess and how a penetration test strengthens your position.

    January 2026
    Read more
    AI Security

    MCP Security: the new attack chain targeting AI Tools

    The Model Context Protocol (MCP) creates a new attack surface for AI agents and internal tools. Discover how attackers exploit MCP and how to protect your organization with AI security testing.

    January 2026
    Read more
    Pentesting

    How much does a Pentest cost? Realistic Security Costs in Belgium, the Netherlands and the EU

    Discover what a pentest really costs in 2026. See realistic EU price ranges, key cost drivers, and how pentesting supports compliance with NIS2, DORA and other.

    January 2026
    Read more
    Pentesting

    Pentest Checklist: what should you include in a Pentest engagement?

    Complete pentest checklist for companies. Learn what to include in a pentest engagement to test real risks and avoid critical blind spots.

    January 2026
    Read more
    Hacking

    What does a Hacker really do? From OSINT to Pentesting

    Hackers work deliberately, starting with public information and human behavior. This article shows how OSINT and realistic pentesting safely reveal how attackers would approach a company.

    December 2025
    Read more
    Awareness

    What do we mean by effective Security Awareness?

    Effective security awareness goes beyond knowing what phishing is. It is about how employees in companies respond under pressure, dare to report mistakes, and make the right decisions in realistic situations.

    December 2025
    Read more
    Phishing

    How to prevent Business Email Compromise (BEC): a Practical Guide

    Business Email Compromise (BEC) is a targeted scam where attackers impersonate executives or suppliers. Learn practical steps like MFA, verification procedures, and phishing testing to reduce risk.

    December 2025
    Read more
    Human Security

    Phishing Awareness: Practical Risk Reduction for Your Team

    Phishing awareness is a key part of cybersecurity awareness training. Phishing attacks exploit human behaviour through social engineering techniques such as appeals to urgency, authority, and trust.

    November 2025
    Read more
    Pentesting

    What is a full-scope Pentest?

    A full-scope pentest by ethical hackers demonstrates how a company can be truly attacked. Far more than automated scans alone: abuse scenarios, business logic flaws, attack chains, and clear, actionable reporting.

    November 2025
    Read more
    Red Teaming

    What is Red Teaming?

    Red teaming has moved from niche cybersecurity practice into the regulatory mainstream. This article explains what red teaming actually is, the six techniques red teamers use, how engagements unfold, three concrete examples, and which sectors should treat red teaming as essential rather than optional.

    October 2025
    Read more
    Pentesting

    API Security Testing: Why Your APIs Are Your Weakest Link

    APIs are the fastest-growing attack surface in modern applications. Most organisations test their web interfaces but leave their APIs inadequately assessed. This guide explains what API security testing covers, why APIs are disproportionately vulnerable, and what findings to expect.

    October 2025
    Read more
    Pentesting

    Web Application Penetration Testing: What Gets Tested and What It Reveals

    A web application penetration test goes beyond automated scanning. Human testers chain vulnerabilities, test business logic, and find what scanners miss. This guide explains what a web application pentest covers, how it differs from a vulnerability scan, and what findings to expect.

    October 2025
    Read more
    Threat Intelligence

    The Rise of AI-Powered Attacks: What Ethical Hackers Are Seeing

    Attackers are leveraging AI to craft more convincing phishing emails and automate reconnaissance. Here's what organisations should watch for.

    October 2025
    Read more
    PTaaS

    Annual Pentest or PTaaS? A Realistic Cost Comparison

    Should you choose an annual pentest or PTaaS with continuous security validation? This article compares costs, ROI and practical differences, helping companies make a realistic, risk-based decision.

    October 2025
    Read more
    Physical Pentest

    Physical Penetration Testing: What Testers Actually Find Inside Your Building

    Physical penetration testing tests whether the physical controls protecting your systems, data, and people actually work. Locked doors and access card systems fail more often than organisations expect. This guide explains what physical penetration testing covers and what assessors consistently find.

    September 2025
    Read more
    Pentesting

    Why Ethical Hacking makes companies stronger: 5 concrete benefits

    Ethical hacking gives companies insight into real attack paths, helps set the right priorities, and reduces incident risk. Discover 5 concrete benefits and how an ethical hacker strengthens your security.

    September 2025
    Read more
    Pentesting

    Penetration Testing vs. Vulnerability Scanning: Know the Difference

    Many organisations confuse automated scanning with real penetration testing. We explain the differences and when you need each approach.

    September 2025
    Read more
    Cloud Security

    Cloud Security Assessment: What Gets Reviewed and What Assessors Consistently Find

    Cloud misconfigurations are among the most common causes of data breaches. Most organisations have a well-tested on-premises environment and an undertested cloud environment. This guide explains what a cloud security assessment covers and what assessors consistently find.

    September 2025
    Read more
    Awareness

    Building a Security-Aware Culture: Beyond Annual Training

    Compliance checklists alone do not make an organisation secure. Policies, tools, and one-off training sessions help, but they do not change behaviour.

    August 2025
    Read more
    Zero Trust

    Zero Trust Security: What It Actually Requires and How to Test It

    Zero Trust means no user, device, or connection is trusted by default. This guide explains what Zero Trust actually requires in practice, how it maps to NIS2, and how penetration testing reveals whether your controls work as intended.

    August 2025
    Read more
    Social Engineering

    Social Engineering in the Remote Work Era

    Social engineering remains one of the most effective attack methods because it targets human behaviour. The shift to remote work has expanded both the attack surface and the need for stronger employee security awareness.

    July 2025
    Read more
    Awareness

    Security Awareness on Wheels

    Our exciting Security Escape Truck brings cybersecurity awareness directly to your doorstep, offering a unique combination of learning and collaboration.

    June 2025
    Read more
    Compliance

    Understanding NIS2: What European Organizations Need to Know

    The NIS2 directive expands cybersecurity requirements across the EU. Learn what's changing and how to prepare your organization for compliance.

    December 2024
    Read more

    Stay Informed

    Get the latest security insights delivered to your inbox. No spam, just practical guidance from ethical hackers.

    Subscribe to Updates

    Need Security Expertise?

    Our ethical hackers are ready to help secure your organisation.