Posts by Bishop Fox

We’ll be at #SparkCon this weekend ⚡️

Come talk real-world threats, meet the team, and grab some swag: bishopfox.com/events/meet-...

3 days ago

AI is supposed to “automate” security, but what does that actually mean?

That's what we're exploring with a panel of AI security experts today at 2 p.m. ET

Save a seat: bishopfox.com/resources/ai...

4 days ago

Good security conversations shift to what teams do next.

AVP of Consulting Zach Moreno on how evolving threats are changing priorities, especially around external attack surface and dependency risk.

Full episode: bishopfox.com/resources/pr...

6 days ago

ICYMI: FortiClient EMS Auth Bypass (CVE-2026-35616)

Unauthenticated attackers can bypass cert-based auth via header spoofing + weak validation.

Exploitation confirmed in the wild.

Patch now or upgrade to 7.4.7.
We also released a safe detection tool: bishopfox.com/blog/api-aut...

1 week ago

Delivered by Trust: What the Axios Supply Chain Attack Means for…
The Axios supply chain attack reveals hidden risks in trusted dependencies—and what security leaders must do to defend against them.

Breakdown + next steps: bishopfox.com/blog/deliver...

1 week ago

The Axios supply chain attack is a reminder that trusted software can still introduce risk.

Malicious package versions were distributed through normal install workflows, leading to remote access and potential compromise.

1 week ago

Thank you Brian Donohue and Tony Lambert for taking the time to come on the WedOff to lead a fantastic discussion about RMM threats!

Next week we have @alethe.bsky.social from @bishopfox.bsky.social

See you there 🔗 redsiege.com/wedoff

#hacking #infosec #cybersecurity

1 week ago

Tactics of Deception: Protecting Trust and Purpose
Explore modern social engineering threats using AI, deepfakes, and impersonation, and learn how to protect organizations from deception-driven attacks.

🔴 LIVE NOW

Social engineering isn’t just phishing anymore. It's evolved to deepfakes, voice cloning, and real-time impersonation.

Join Senior Security Consultant II @alethe.bsky.social in Tactics of Deception: Protecting Trust and Purpose: bishopfox.com/resources/ta...

1 week ago

Malvertising, Trusted Tools, Real-Time Attacks & Shrinking Windows (YouTube video by Bishop Fox)

From Initial Access: youtu.be/FNrIFZwwFzU

1 week ago

A fake Zoom call.
A quick “update.”
And the user does the rest.

1 week ago

Part 1 gave the foundation. Part 2 goes deeper.

Inside Cirro: Schemas and Extensible Identity Graphs
April 7 | 2 p.m. ET

Leron Gray breaks down how Cirro approaches extensibility and identity risk at scale.

Register: bishopfox.com/resources/wo...

2 weeks ago

🔴 Happening now: Mapping Attack Paths in Azure

We’re live with Part 1 of our Inside Cirro workshop.

If you’re looking to better understand how identity, roles, and resources connect and how attack paths actually form in Azure, join us now.

You can still jump in: bishopfox.com/resources/wo...

2 weeks ago

Workshop Series: Inside Cirro
Explore the Cirro workshop series covering Azure attack path mapping and extensible identity graphs, plus access the tool and register for sessions.

Register on our site or join via Discord: bishopfox.com/resources/wo...

3 weeks ago

Happening Tomorrow: Mapping Attack Paths in Azure

In Part 1 of our Inside Cirro workshop series, Leron Gray walks through how graph-based modeling helps uncover:

• Attack paths
• Privilege propagation
• Identity-driven risk in Azure and Entra ID

3 weeks ago

Workshop Series: Inside Cirro
Explore the Cirro workshop series covering Azure attack path mapping and extensible identity graphs, plus access the tool and register for sessions.

Register once for both: bishopfox.com/resources/wo...

3 weeks ago

We’re launching a new open-source tool, Cirro, along with a two-part workshop series on how it works!

The sessions cover mapping attack paths in Azure and modeling identity relationships to better understand risk.

March 31 & April 7 | 2 p.m. ET

3 weeks ago

strongSwan CVE-2026-25075: Integer Underflow in VPN Authentication
Bishop Fox analyzes a strongSwan vulnerability enabling unauthenticated VPN disruption, with a testing tool and guidance to upgrade to version 6.0.5+.

Full write-up + safe testing tool: bishopfox.com/blog/strongs...

3 weeks ago

🚨 New research from Bishop Fox: CVE-2026-25075

An integer underflow in strongSwan’s EAP-TTLS parser allows unauthenticated attackers to crash VPN services.

The vulnerability affects versions going back over 15 years.

Upgrade to 6.0.5 or disable EAP-TTLS.

3 weeks ago

The Role of AI in Modernizing Enterprise Application Security
Learn how AI assisted security testing strengthens enterprise AppSec, expands coverage at scale, and improves protection across application portfolios.

🔴 Now Live

The Role of AI in Modernizing Enterprise Application Security

How do you scale security testing across complex enterprise environments?

Join Zach Moreno as he breaks down how AI is helping teams expand coverage without sacrificing depth.

bishopfox.com/resources/th...

3 weeks ago

“If I found an iOS exploit… I might just sell it and retire.”

iOS exploits are rare, expensive, and usually not something you just stumble across.

Leron Gray & Thomas Wilson on:
• why iOS is harder to exploit
• who typically has access
• the tradeoff between security & openness

1 month ago

Some puzzles take time.

Happy Pi Day from Bishop Fox 🥧

1 month ago

Saturday Presentations:

1 month ago

Friday Presentations:

1 month ago

Bishop Fox will be well represented at #HackGDL this week!

Our team is presenting research and workshops on cloud security, hardware hacking, application security, reverse engineering, and career growth in cybersecurity.

bishopfox.com/events/bisho...

1 month ago

AI agents inside developer environments introduce a new trust question:

How much autonomy should they actually have?

In this clip, Shad Malloy explains why applying least autonomy to agents may be the safest approach, essentially extending the idea of least privilege to AI systems.

1 month ago

Introducing CloudFox GCP

A new extension of CloudFox designed to help practitioners assess Google Cloud environments from an attacker’s perspective.

Now on GitHub: bishopfox.com/blog/introdu...

1 month ago

The Role of AI in Modernizing Enterprise Application Security
Learn how AI assisted security testing strengthens enterprise AppSec, expands coverage at scale, and improves protection across application portfolios.

bishopfox.com/resources/th...

1 month ago

Enterprise application portfolios are bigger and more complex than ever.

But most testing models were built for a much smaller world.

Join our session with Zach Moreno on how AI-assisted testing can help security teams scale coverage across modern enterprise environments.

March 24 | 2 p.m. ET

1 month ago

Most underrated engineering principle?

YAGNI.

If you’re building for a future that doesn’t exist yet, you’re adding complexity.

From our recent tool building workshop on Discord.

1 month ago

* Sliver 😉 Thanks for including us!

1 month ago