Portugal’s Article 7 and the UK’s proposed statutory defence mark major steps toward protecting good-faith security research. Explore how these reforms reduce risk and strengthen coordinated vulnerability disclosure.

Security Research

Hai

3 Signals You Can’t Ignore from the 2025 Hacker-Powered Security Report

November 4th, 2025

AI is reshaping cybersecurity. Explore key findings from experts on how researchers, automation, and human insight are redefining defense in 2025.

Return on Mitigation

Security Research

A New Approach to Proving Cybersecurity Value (That Isn’t ROI)

February 14th, 2025

Over the past 8 months, Luke (hakluke) Stephens and I have spoken with 10 security...

Security Research

Welcome, Hackbots: How AI Is Shaping the Future of Vulnerability Discovery

February 3rd, 2025

What are Hackbots and how are they impacting vulnerability discovery and the researcher community?

Ethical hacker finding broken access control vulnerabilities

Exposure Management

Security Research

How To Find Broken Access Control Vulnerabilities in the Wild

September 30th, 2024

Learn the ins and outs of broken access control vulnerabilities and how to find them in your security research.

Security Research

100 Hacking Tools and Resources

August 20th, 2024

Whether you’ve just started hacking or are a real pro, we’ve created the ultimate list of 100 hacking tools for your toolkit!

Exposure Management

Security Research

How a GraphQL Bug Resulted in Authentication Bypass

July 29th, 2024

Experienced security researchers explain how a GraphQL bug resulted in authentication bypass — and how to avoid it.

An ethical hacker finding an XSS vulnerability

Code Security

Security Research

How to Find XSS

June 25th, 2024

Security researcher Haoxi Tan breaks down the best practices and tools for finding the different types of XSS vulnerabilities.

Security Research

Offensive Security

Crowdsourced Security

Setting Up an Environment for Web Hacking

May 7th, 2024

Security researcher Haoxi Tan provides all the tips and tricks for setting up the ultimate web hacking environment.