 that has led to empty shelves has been described as a “

 to all organisations” by the UK National Cyber Security Centre. 🚨

Harrods, the luxury London department store has just become the 

 were also targeted. Marks & Spencer (or M&S) has suffered the most calamitous consequences. A suspected ransomware infection, which has been linked to the hacking collective Scattered Spider, has 

 and led to gaps on store shelves as well as disruption to loyalty scheme and gift card payments. The clothing, homeware and food retailer’s stock value has plummeted by around £650 million. Cybersecurity expert Graham Cluley 

 that “attacks involving the DragonForce ransomware” – the suspected virus involved – “

usually start with exploitation of known vulnerabilities

” – illustrating the importance once again of robust vulnerability identification and management and the prompt application of security patches. 🔒

SaaS systems ‘dismantle essential security boundaries’

An overreliance on the software-as-a-service (SaaS) model is “creating single points of failure with potentially catastrophic system-wide consequences”, according to the CISO of JPMorganChase. ⚠️

 to third-party suppliers, Patrick Opet also warned that “fierce competition among software providers” has incentivised “

rushed product releases without comprehensive security built in

”. In an excoriating critique, Opet said strict segmentation between internal resources and untrusted external interactions had been abandoned in favour of “unchecked interactions between third-party services and firms’ sensitive internal resources”. The security exec suggests rejecting “these integration models without better solutions” – or at least providing “continuous, demonstrable evidence that controls are working effectively, not simply relying on annual compliance checks.” 🛡️

In the third story of our latest monthly roundup of news of interest to CISOs and security teams, the cybersecurity industry recently breathed a collective sigh of relief after an 

 expressed alarm when MITRE, the not-for-profit, revealed that its government contract to operate the CVE program had not been renewed – sparking fears that it had fallen prey to Elon Musk’s cost-cutting drive. ✂️ Thankfully, funding for this index of known security flaws, such an invaluable resource for security teams, was 

A coalition of blue-chip CISOs has called for 

greater harmonisation of global cybersecurity regulations

. 🌍 Some 43 security execs – including CISOs from GitHub, Microsoft, AWS, Mastercard and Siemens – sent a 

 (PDF) to the G7 and OECD urging them to take steps to address “growing fragmentation” that “is adding complexity to our companies’ operational cyber defense and ability to defend against growing cyber threats”. 🚨

The rapid digitisation of the modern economy has left civilisation increasingly vulnerable to cyber-attacks and prompted the US, UK, EU, Australia, Singapore and others to overhaul ageing cyber laws. However, the CISO signatories believe current regulatory divergence – across borders and sectors – is intolerable as they contend with fundamentally 

Their call to action argues that increasing regulatory misalignment “creates difficulty in implementing consistent security measures across different jurisdictions, complexity to time-sensitive incident response activities, potential negative impact on reporting due to conflicting requirements, delays in cybersecurity regulatory implementation due to the need of managing multiple regulatory landscapes and exacerbates the cybersecurity talent shortage.” 🧠

Presumably these CISOs were no fans of Brexit given the regulatory divergence entailed by the UK-EU divorce. Perhaps slightly reassuringly for them, a UK government policy statement has indicated that the 

align with the EU’s NIS 2 regulation “where appropriate”

. While the statement hints at a lighter touch approach (referencing the need for “agile, pro-innovation regulation”), the need to minimise compliance burdens and facilitate cross-border information-sharing will hopefully ensure significant convergence with NIS 2. 

Perhaps it’s unsurprising that organisations are only managing to remediate one in five (21%) 

 uncovered by pentests, as revealed by a 

. As we’ve explained in our article on 

mitigating AI cybersecurity risks with Bug Bounty Programs

, the ‘black-box’ nature of AI models and their non-deterministic behaviour makes it particularly difficult to distinguish intended/benign behaviour from unintended/insecure outputs, as well as to fashion workable fixes for validated vulnerabilities. 🤖

Nearly three in four security leaders polled by Cobalt (72%) ranked 

 as their primary worry, eclipsing risks associated with third-party software, insider threats and nation state threat actors. Only 64% professed to be “well equipped to address all security implications of genAI.” 

The report also revealed that organisations are fixing 48% of all types of exploitable vulnerabilities that they’re aware of, although this number rises to 69% for high and critical severity findings. Perhaps reflecting the success of the software development industry’s ‘shift left’, the 

median time to remediate serious vulnerabilities

 has plummeted since 2017 – from 112 days down to 37 days last year. 🐛

Cert scheme highlights value of VDPs and Bug Bounty

Back to compliance now: a new EU certification programme demonstrates that Bug Bounty Programs and vulnerability disclosure policies (VDPs) are invaluable for 

showing customers that you take security seriously

. Vulnerability management and disclosure guidelines for the 

, which certifies digital products that adhere to stringent security standards, are based on ISO standards that prescribe the implementation of VDPs. Moreover, Bug Bounty Programs are cited by these guidelines among best-practice methods for obtaining information about potential vulnerabilities 🛡️

What’s the best way to scale up security testing for fast-evolving telco services used by 121 million customers? And how can you do this without slowing software deployment down? 🤔 Our 

 reviews a presentation delivered by a security executive at 

, which outlined why the Qatari multinational embraced Bug Bounty and whether the model had lived up to its promise so far. 📶

A code of practice designed to tackle the 

proliferation and irresponsible use of cyber intrusion tools

. Fortunately, the accord, a British-French initiative, urges governments to clearly define their lawful use – helping to protect our hunters’ efforts to strengthen digital security. Our CEO, Guillaume Vassault-Houlière, represented the ethical hacking and Bug Bounty industry at a Paris conference where the accord was signed earlier this month. 🐱‍💻

With Springtime now in full swing, the InfoSec conferences are coming thick and fast. Here’s where you can meet the YesWeHack team and learn about our Bug Bounty and vulnerability management platform in the coming weeks:

 – Singapore, 22-23 May, Bug Bounty Kampung (Village)

More conferences and live hacking events will be announced in due course! 📅

Read this monthly roundup even sooner by subscribing to 

 – our LinkedIn newsletter curating news, insights and inspiration around offensive security topics like Bug Bounty, vulnerability disclosure and management, pentest management and attack surface protection.

Are you a bug hunter or do you have an interest in ethical hacking? Check out our ethical hacking-focused sister newsletter, 

 – offering hunting advice, interviews with hunters and CTF-style challenges, among other things.

UK retail cyber-attacks a ‘wake-up call’, SaaS overreliance ‘creating single points of failure’, calls for global regulatory alignment – OffSec roundup for CISOs

Kudos to research duo Allam Rachid and Allam Yasser for the discovery and 

 related to CVE-2025-29927, a critical vulnerability in the 

 web development framework that potentially enables attackers to bypass authorisation checks. The potential impact means it’s a worthy intro to our latest roundup of ethical hacker news and notable security research. Next.js generates more than nine million weekly npm downloads, all versions were affected by the issue and there were “no preconditions for exploitability”. 💥 

Some good news for hunters with the right skillset for finding AI-specific bugs: it’s an increasingly lucrative area, with 

 from $20,000 to $100,000. Comparatively generous payouts for AI-specific flaws are among the topics covered in a wide-ranging article we recently published on how 

 and vulnerability management (while it’s aimed more at CISOs and security teams, hunters may nevertheless find value). Relatedly, hunting seems to be getting more potentially lucrative for hunters of the highest calibre when you consider Google’s explanation for 

 last year by the same ratio – a factor of five. The tech giant said greater financial incentives were needed because bugs were becoming so hard to find in its increasingly secure products. 🤖

The promise of generous bounties did not insulate 

 from the discontent of one vulnerability analyst who objected to the Microsoft Security Response Center’s (MSRC’s) request for a Proof of Concept (PoC) video to support his vulnerability report. As 

, an unimpressed Will Dormann was mystified as to why the screenshots he sent did not suffice. “To request a video that now captures (beyond my already-submitted screenshots) the act of me typing, and the Windows response being painted on the screen adds what of value now?" he said. Dormann apparently sent MSRC a 

 that was about 14.5 minutes too long, which was soundtracked by thumping techno and featured a fleeting still from comedy classic Zoolander of the sign: “Center for Kids Who Can't Read Good”. 😮

The cybersecurity industry has breathed a collective sigh of relief after an 

 expressed alarm when MITRE, the not-for-profit org, revealed that its government contract to operate the CVE program had not been renewed – sparking fears that it had fallen prey to Elon Musk’s cost-cutting drive. ✂️ Thankfully, funding for this index of known security flaws, such an invaluable resource for security teams, was 

Another heartening update, this time to a story we flagged five editions ago. The Maltese government has 

 for three university students and their lecturer in relation to criminal charges over their seemingly good-faith reporting of a vulnerability in Malta’s largest student application, FreeHour. The charges had seemed particularly absurd when the government has been seeking to encourage good-faith security research by introducing a National Coordinated Vulnerability Disclosure Policy (NCVDP). Prime minister Robert Abela has called the case “unjust” and noted that “we had laws which were not updated to reflect today’s needs and realities,” a situation they were seeking to remedy with a regulatory overhaul. ⚖️

As always, there’s too much good stuff to summarise in any detail – so let’s conclude with a roundup of other notable infosec research we’ve spotted over the past month:

Oracle attempt to hide serious cybersecurity incident from customers in Oracle SaaS service

A tool that tracks AWS documentation changes and uses LLMs to analyse security implications

An analysis of the NSO BLASTPASS iMessage exploit

Hacking the call records of millions of Americans

We’ve published a few more technical articles of our own, but with a particular focus on fairly foundational skills. This quartet of deep dives should be of particular interest to newbies:

 – sleuthing for a web application’s hidden vulnerabilities

 with active and passive techniques such as analysing HTTP headers, default pages and default file structures

 – masking malicious scripts and bypassing defence mechanisms 

with encoding methods, variable expression assignment, arrays in request parameters, JavaScript obfuscation and obfuscation in shell environments

 – basic and advanced techniques, ranging from abusing custom headers to leveraging cache poisoning and reverse proxy misconfigurations

– finding vulnerabilities in this popular, versatile query language via practical techniques that include introspection, query, mutation and batching attacks

From education to inspiration, our latest hunter interview stars 

this video why his favourite bug was an IDOR “at a $1 billion company”

 and offers an interesting response to the question of whether developers have a head start over non-developers when learning how to hack. 💡

A trio of exciting fresh hunting opportunities to highlight now in the form of new public programs:

 – €2,500 max rewards for valid bugs found in two web applications belonging to Europe’s largest sports goods retailer

 – The Swiss online medical appointment platform is offering bounties rising to €5,000 for vulnerabilities in an API or any of three web applications within scope

 up to €7,000 on offer for valid vulnerabilities reported in more than 30 scopes belonging to this lottery, online gaming and sports betting company

, exploring this increasingly popular web security tool’s core features such as HTTP interception, request inspection, parameter fuzzing and workflow automation.

The presenter, ‘Pwnii’, has also just featured in a 

, a French journalist with seven million followers on Tiktok, about what sparked her interest in hacking, her career in Bug Bounty so far and the importance of ethical hacking for securing organisations and protecting their customers. 🎥

Very much a rising star, Pwnii has now climbed to#42 on our all-time leaderboard, having only registered on YesWeHack three years ago. Also demonstrating the frequent replenishment of our talent pool, we’d like to spotlight the achievements so far this year of 

 so far having registered on YesWeHack only last year and already up to a ranking of #60 overall). h0rus3c (#5 in Q2, registered in 2024, #107 overall), goodmanhero1337 (#9 for Q2 and registered this year). Rabhi and Xel, the top two for 2025, are once again locked in a titanic struggle for top spot. 🏆

 – so you can now create your own Capture the Flag (CTF) challenges in Ruby code within a dedicated new sandbox environment! 🏁

Naturally, the latest monthly CTF challenge (merch up for grabs as usual for the winners!) takes advantage of this opportunity: Dojo #41, which is open for competition submissions until 29 May, invites hunters to hack a brand new online shop, ‘

, ‘Hacker Profile’: congrats to owne, 7utu_x and sarju18 for producing the three best writeups. You can read the best overall solution to the challenge, which involved exploiting a prototype pollution issue to trigger a catch exception handler and execute arbitrary JavaScript code, 

The events are starting to come thick and fast. Here’s where you can meet the YesWeHack team, learn about bug hunting on our platform and score yourself some swag in the coming weeks:

– Singapore, 22-23 May, Bug Bounty Kampung (Village)

And that’s it for this month – happy bug-hunting! 👋

Read this monthly roundup of content aimed at ethical hackers even sooner by subscribing to 

Are you a CISO, other security professional or security-conscious dev? Check out our CISO-focused sister newsletter, 

 – bringing you news, insights and inspiration around offensive security topics like Bug Bounty, vulnerability disclosure and management, pentest management and attack surface protection.

Middleware mayhem, Zoolander banter PoC, Malta to pardon hackers over ‘unfair’ charges – ethical hacker news roundup

Ready to level up your ethical hacking and Bug Bounty skills?

 challenges in Ruby code within a dedicated new sandbox environment! Read on to discover how to leverage the new feature and the bug-hunting benefits of mastering Ruby and its common security pitfalls. Let's dive in!

Step-by-Step: Getting Started with a Ruby CTF

Benefits for Bug Bounty Learners & Challenge Creators

YesWeHack’s Dojo platform is a versatile CTF and learning platform aimed at Bug Bounty hunters and anyone else who wants to sharpen their hacking skills and get involved in the hacking community. It offers 

 with practical labs on common vulnerabilities, as well as monthly 

CTF challenges featuring realistic vulnerabilities

 that boost the bug-hunting skills of both experienced and inexperienced hackers, with swag and leaderboard points awarded to the overall winners.

You can also write your own code in a wide range of programming languages (even wider now!) in order to test attack techniques or create your own CTF challenges (which you can submit to YesWeHack for consideration as a potential monthly CTF challenge).

how to use the recently-revamped Dojo here

At first glance, Ruby might not be the most obvious choice as a language for learning the latest hacking techniques. After all, it’s less prevalent in modern stacks than JavaScript or Python.

But from a hacker’s perspective, Ruby still offers advantages that make it worth knowing about. For instance, Ruby has a mature and battle-tested ecosystem, with a significant number of web applications still relying on it. 

 apps, in particular, have a long history of interesting security issues, from mass assignment and deserialization bugs to SSRF and command injection vulnerabilities. Knowing how Ruby handles data flows, templating and object instantiation gives you an edge when targeting these applications.

You then land on the main challenge page, where you can write your Ruby code, set up filters and test your code!
Start writing your code in the 

 tab at the bottom-centre of the page. Insert user input to your code within the 

 panel on the left-hand side by setting the placeholder 

Now you’re set to start testing out attacks or creating your very own CTF challenges!

Benefits for Bug Bounty learners & challenge creators

If you’re an experienced hacker, then you’ve probably faced web applications running on Ruby – and will surely do so again. Understanding Ruby and the most popular Ruby framework, 

, as well as the pitfalls that lead developers to inadvertently create vulnerabilities in Ruby code, will help you make the most of the hacking opportunities offered by this programming language.

Dojo’s new Ruby integration is a great way for ethical hackers and Bug Bounty hunters to achieve this in a risk-free but realistic way – whether by testing out attack methods, building custom CTF challenges or trying to solve challenges created by others.

Unveiling Dojo v2: Our new CTF and realistic challenge-building framework

New Dojo sandbox environment for creating Ruby CTF challenges

Ever wondered if you’ve overlooked an open port that is hiding a service vulnerable to exploitation?

Port scanning is an invaluable reconnaissance technique for ethical hackers because every undiscovered service is a potential gateway to critical vulnerabilities!

In this article, you will learn passive and active port scanning techniques for revealing open ports and hidden services on a target’s infrastructure.

We’ll explain the advantages of various scanning methods, recommend the most effective port scanning tools, and provide practical examples based on real Bug Bounty targets. Understanding these techniques will empower you to make informed decisions that enhance your recon strategy.

Gathering service information from public databases

Identifying exposed services with banner grabbing

Port scanning is a technique for identifying open ports – virtual endpoints that are configured to accept incoming network traffic – on a target system.

Identifying open ports helps you to determine which services are running and therefore to map the attack surface – a crucial first step before uncovering potential weak points.

Port scanning is typically performed against a specific domain or IP address, or a defined range of IPs. Bug Bounty Programs that permit port scanning should detail clearly what you are allowed to scan. 

It’s essential to verify what is permitted before launching any scans to stay compliant with program rules.

Port scanning is often permitted on self-hosted infrastructure (meaning the company owns the IP ranges), but rarely allowed on third-party services such as cloud-hosted apps, SaaS platforms or where scopes include web applications but not IPs or network infrastructure.

Once you’ve mapped your target’s active services, you can search for vulnerabilities arising from outdated software, misconfigurations, weak authentication mechanisms and so on.

Port scans need not directly interact with the target to produce useful results. Passive port scanning gathers valuable intel on your target without alerting its defensive mechanisms, which eliminates the risk of detection. This is achieved by drawing on public sources that have already scanned the internet.

By querying platforms like Shodan, Censys, or SecurityTrails you can access historical records of open ports and associated services across various domains and IP ranges. You can identify:

Services that were once publicly accessible

Hosts that are inadvertently exposing ports

And forgotten assets that are no longer monitored

This information allows you to understand the historical context of a target’s exposure, often revealing legacy systems that might be otherwise overlooked.

A simple Shodan query can reveal open ports on a target domain:

Quickly highlighting which ports are publicly accessible, this query enables you to focus your efforts on potentially vulnerable entry points.

Recon Series #2: Subdomain enumeration – expand attack surfaces with active, passive techniques

After gathering a high-level view with passive methods, it’s time to delve deeper. Active port scanning interacts directly with the target’s network, revealing live services and open ports that might not appear in public records.

These techniques involve sending crafted packets (such as SYN, ACK or UDP probes) to the target host and analysing their responses. Tools such as Nmap, Masscan or Naabu can scan IPs or domains to uncover:

Services that are live but not publicly indexed

Ports that are selectively open to specific IP ranges

Temporary or forgotten services still running internally

Active scanning is more precise and comprehensive than passive scanning, but introduces risk because it can trigger firewall alerts or intrusion detection systems (IDS).

Effective countermeasures include reducing scan speeds to evade rate-based detection, and employing evasion techniques like fragmentation and decoy scans. 

If you’re probing a Bug Bounty target, you should also ensure that you are explicitly authorised to conduct the scans you intend to run.

 in Nmap) is a popular active port-scanning method in part because of its stealthy nature: it sends a SYN packet and awaits a SYN-ACK response without establishing a full connection.

), which does establish a full connection, is a viable alternative when firewalls block SYN packets. This method provides a more definitive answer on port status when stealth is not your primary concern.

UDP scanning is useful for services running over UDP (such as DNS or SNMP) and for bypassing TCP-based defenses. Since UDP is connectionless, it’s also harder to detect than TCP scans that require handshakes.

However, the absence of a handshake mechanism means UDP scans sometimes generate ambiguous responses from closed ports and might be ignored by open ports. Moreover, many UDP services only respond to probes customised to their target, making them harder to detect with generic scans – so hunters need relevant expertise.

Because UDP traffic is often rate-limited or dropped by firewalls, it’s crucial to apply rate limiting and enable retries to improve reliability and accuracy.

Once open ports are identified, banner grabbing is used to extract details about the services running. This technique provides insight into the software version, configuration and potential vulnerabilities that could be exploited.

Banner grabbing involves connecting to a service and reading the initial data it sends back – often a welcome message or banner. Knowing why this matters allows you to quickly assess if a service is using outdated or misconfigured software.

This command prompts the target to reveal its banner, potentially disclosing critical information such as the software name and version.

Nmap can also perform banner grabbing with its version detection feature using the 

 flag. This not only confirms the service’s identity but also provides additional details like SSL support or custom configurations.

This output shows how Nmap identifies exact versions of services – a crucial prerequisite for pinpointing vulnerabilities in outdated or misconfigured software:

For more detailed detection, you can increase the intensity with:

 flag attempts to identify the operating system based on TCP/IP stack behaviour. Knowing the OS can help tailor further exploitation or remediation strategies.

⚠️ Bug hunters beware: Always ensure you have proper authorisation and that your actions comply with a Bug Bounty Program’s rules.

Port scanning can trigger security defences, so employing stealthy scanning techniques is often necessary to avoid detection.

An IDS (intrusion detection system) monitors network traffic to detect suspicious activity, including port scans. Knowing how an IDS might flag your actions as potentially malicious can usefully inform your recon strategy to mitigate these risks.

: Sends fake scan traffic from spoofed IPs along with your real scan, making it harder for detection systems to pinpoint your activity. For example:

This method obscures the true source of your scan, reducing the chance of being blocked.

: Introduces a delay between probes to prevent triggering threshold-based IDS rules. For example:

A slower pace mimics regular traffic, lowering the risk of detection.

: Splits TCP packets into smaller fragments, which can bypass simple IDS/IPS that do not reassemble packets properly. For example:

Fragmenting packets can confuse basic detection mechanisms, though it may not work against more advanced systems.

While traditional tools like Nmap might prove too slow for large-scale reconnaissance, there’s generally a trade-off between scan speed and thoroughness. Striking the right balance is therefore key to ensuring you do not miss any open ports.

Masscan, the fastest internet port scanner, sends asynchronous TCP packets, which allows you to scan massive IP ranges quickly – a boon for initial recon. Consider the following example:

 sets scan speed to 10,000 packets per second. This high rate facilitates a rapid assessment, though you may need to recalibrate based on bandwidth and target limitations.

Inevitably, this rapid speed means scans are less thorough. Therefore it’s wise to supplement Masscan probes with Nmap scans in order to gain deeper insights.

Recon series #4: Port scanning – uncovering attack vectors by revealing open ports and hidden services

, challenged the participants to exploit a JavaScript prototype pollution to trigger a catch exception handler and execute arbitrary JavaScript code to capture the flag.

Want to create your own monthly Dojo challenge? Send us a message on X!

 feeds to be notified of upcoming challenges.

Read on to find out how one of the winners managed to solve the challenge.

We want to thank everyone who participated and reported to the Dojo challenge. 

There where a ton of great reports this time. 

You find the best write-up overall below:

The application allows a user to build a hacker profile combining the details of a random Profile (if all details of a hacker not provided) and the user input by the hacker. However, the application suffers from the prototype pollution and unsafe code evaluation. The vulnerable code path allows an attacker to modify JavaScript's Object prototype and inject malicious code that is subsequently executed via an 

 function. This occurs due to the improper validation or sanitization of the user-supplied JSON data. This vulnerability enables unauthorized access to sensitive information, including environment variables, and potential complete system compromise.

We are presented an application that allows a user to build a profile using the JSON input. A thorough code analysis was performed during the initial reconnaissance phase which revealed the underlying tech-stack. The application uses JavaScript, Node JS and EJS templating. Various utility functions are implemented to handle the user input and manage application.

The first step in analyzing the user input handling is to examine the entry point where the input is processed. In this case, the user input undergoes a transformation by a Web Application Firewall (WAF), which URL-encodes the input to mitigate any malicious payloads.

 function. This essentially reverses the encoding performed by the WAF, converting URL-encoded characters back to their original form. If the decoded input is empty (i.e., the user does not provide any input), the 

 variable is set to a default value of an empty JSON object (

). This ensures that the application always operates on a valid object. The decoded and validated input is then parsed using 

. This step implies that the input is expected to be a valid JSON string.

In the next step, a random Profile is selected with a 

 function call which selects a random profile from the 

 variable as provided in the set up code. The selected random profile is assigned to 

 method then combines the properties of the 

 input to create the final user object. It iterates over each key in the 

The YesWeHack Blog

UK retail cyber-attacks a ‘wake-up call’, SaaS overreliance ‘creating single points of failure’, calls for global regulatory alignment – OffSec roundup for CISOs

UK retail cyber-attacks a ‘wake-up call’, SaaS overreliance ‘creating single points of failure’, calls for global regulatory alignment – OffSec roundup for CISOs

Middleware mayhem, Zoolander banter PoC, Malta to pardon hackers over ‘unfair’ charges – ethical hacker news roundup

New Dojo sandbox environment for creating Ruby CTF challenges

UK retail cyber-attacks a ‘wake-up call’, SaaS overreliance ‘creating single points of failure’, calls for global regulatory alignment – OffSec roundup for CISOs

Recon series #4: Port scanning – uncovering attack vectors by revealing open ports and hidden services

Dojo challenge #40 - Hacker profile winners & writeup

‘Continuous testing and a real-time understanding of my threat exposure’ – Ooredoo exec on the benefits of Bug Bounty

Recon series #4: Port scanning – uncovering attack vectors by revealing open ports and hidden services

UK publishes proposals for NIS 2-equivalent Cyber Security and Resilience Bill

HTTP header hacks: basic and advanced exploit techniques explored

Spyware pact draws distinction between malicious and legitimate use of cyber-intrusion tools

UK publishes proposals for NIS 2-equivalent Cyber Security and Resilience Bill

Don't wait for threats to strike

Products

Researchers

Resources

Company

Follow us