Bishop Fox
AIMap: Open-source tool finds and tests exposed AI endpoints
Public-facing Ollama servers, MCP endpoints, and inference proxies have multiplied across the internet over the past year, often deployed without authentication or rate …
Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643)
A critical SQL injection vulnerability (CVE-2026-21643) in Fortinet FortiClient Endpoint Management Server (EMS), a management server for FortiClient endpoint agents on …
5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)
5,000+ SonicWall firewalls are still vulnerable to attack via a high-severity vulnerability (CVE-2024-53704) that, according to SonicWall, should be considered “at …
AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)
Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse …
CloudFoxable: Open-source AWS penetration testing playground
CloudFoxable is a capture-the-flag (CTF) style learning platform you can deploy to your playground AWS account. It primarily targets current penetration testers seeking to …
Bishop Fox expands social engineering adversarial emulation services
Bishop Fox has expanded its social engineering testing services, which are an integral part of the company’s Red Team portfolio. In contrast to narrow and rudimentary security …
Red teaming can be the ground truth for CISOs and execs
This year, against the backdrop of attacks on everyone from healthcare institutions and schools to financial services organizations, as well as the introduction of legislation …
The most frequently reported vulnerability types and severities
Bishop Fox collected and analyzed publicly disclosed reports from January to July 2022 to better understand the most frequently reported vulnerability types, the …
Bishop Fox appoints Patty Wright as SVP and GM of consulting
Bishop Fox announced the appointment of accomplished industry executive, Patty Wright, as senior vice president and general manager of consulting. Wright brings a wealth of …
How micro-segmentation creates an uphill battle for intruders
The past few years have seen a major shift in security strategies from looking outward for external threats to detecting and defending against adversaries that have already …
Red teaming: Why a forward offense is the best defense
Companies are under constant threat. Opportunistic attackers scan the internet for weak points, motivated attackers target specific organizations for susceptibility to a scam …
Is your perimeter inventory leaving you exposed? Why it’s time to switch from IP to DNS
Historically, security teams and tools have used IP addresses to define their targets and scopes. But in a world where applications and networks are increasingly cloud-hosted …