NetSPI

We are proud to share that NetSPI CISO Joe Evangelisto has been named a finalist for the 2026 CarolinaCISO ORBIE Awards... for the second year in a row! The ORBIE Awards recognize CISOs who set the standard for security leadership, and Joe's recognition reflects the impact he brings to NetSPI and the broader security community every day. Congratulations, Joe! See all 2026 finalists here: https://ow.ly/xaXu50Z7H2i

NetSPI Labs Researcher, Scott Weston is speaking today at fwd:cloudsec! Learn about OCInferno, an enumeration and graphing framework, just one tool in the OCI security toolkit, that uses OpenGraph for BloodHound-style attack path analysis. You can lives tream his session happening today at 11:40am PT: https://lnkd.in/gAcBvNCf

NetSPI's VP of Research, Karl Fosaaen, weighs in on what organizations should be doing. Check out the full article in CSO Online. https://ow.ly/Jr0k50Z5zYb

Confirmed. Documented. Financially motivated threat actors conducting physical, in-person social engineering attacks against real businesses. Real criminals walking through real doors. This is exactly why NetSPI offers on-site social engineering engagements. We send real people to test whether your employees, your facilities, and your physical access controls hold up against the tactics actual threat actors are now confirmed to be using. If you've never tested your organization's physical attack surface, now is a very good time to start.

Team NetSPI recently came together to make tie blankets for Project Linus, an incredible organization that has delivered over 10 million handmade blankets to children ages 0–18 across the United States. Learn more about Project Linus: www.projectlinus.org #TeamNetSPI #ProjectLinus #GivingBack #MadeWithLove

What if your office break room snacks were a phishing attack? NetSPI's social engineering team brought a box of custom fortune cookies that contained a URL pointing to a fake corporate promotions site promising a $50 Amazon gift card into an office. The result? Of 48 cookies placed, 10 resulted in harvested employee credentials. Read the full story from Lucas Zahorik and Tyler Aldous: https://ow.ly/9G2z50Z4PEK #SocialEngineering #Phishing #pentesting

Hack Responsibly Newsletter – May edition, 2026 This month covers a UEFI buffer over-read that exposes sensitive memory before your OS ever loads, critical vulnerabilities in Palo Alto PAN-OS and cPanel, and how continuous pentesting helps your organization keep pace with rapidly changing attack surfaces. Plus a conversation with James Albany on how AI is compressing offensive security timelines, Scott Weston's new Oracle Cloud attack-path framework OCInferno, and a data center break-in story you'll want to hear. 

NetSPI's continuous external penetration testing keeps pace with that reality. We continuously identify all internet-facing assets that could serve as entry points, detect misconfigurations, open services, and exposed data across public-facing systems and web applications, and validate real risk through human-confirmed findings, not a list of theoretical issues to sort through. No more waiting for the annual wrap-up report to find out what you missed six months ago. Learn more: https://ow.ly/ZYmA50Z1aJn #Pentesting #NetSPI #ExternalSecurity #ContinuousTesting

We're incredibly proud of Team NetSPI in Pune for their heartfelt support of the Seva Sahyog Foundation, an organization dedicated to uplifting underserved communities and creating lasting impact. A huge thank you to every team member who contributed. #TeamNetSPI #SevaSahyogFoundation #CommunityImpact #GivingBack

PATCH NOW! CVE-2026-9082 – Drupal Core PostgreSQL SQL Injection  This critical vulnerability affecting Drupal deployments using a PostgreSQL database allows unauthenticated attackers to perform arbitrary SQL queries via crafted JSON:API or search queries. Successful exploitation may result in full database compromise or remote code execution.  This vulnerability has been actively exploited in the wild, and immediate remediation is essential for all organizations running vulnerable versions.    To learn more, please visit our website: https://lnkd.in/e4sSrzSf