The cloud isn't secure by default: what containers changed about risk

The cloud isn't secure by default: what containers changed about risk

Containers made it easier to ship fast — and easier to ship risk. Intruder's VP of Product breaks down where container risk comes from across the full security lifecycle, and what
Charlie Yianni
|
min read
March 24, 2026
|
min read
Overconfident and under resourced: navigating the midmarket security gap

Overconfident and under resourced: navigating the midmarket security gap

Olya Osiagina
|
min read
March 23, 2026
Registry vs. runtime: where to scan your container images

Registry vs. runtime: where to scan your container images

Container image scanning should happen at the registry level, not at runtime inside clusters. Centralized registry scanning gives teams full visibility, reduces operational overhea
Manuel Morejon
|
min read
March 19, 2026
Why attack surface reduction is your first line of defense

Why attack surface reduction is your first line of defense

Proactive attack surface reduction is about reducing unnecessary internet exposure before it becomes a problem.
Daniel Andrew
|
min read
March 3, 2026
The Vulnerabulletin Issue #5

The Vulnerabulletin Issue #5

Issue 5 of our monthly newsletter, packed with research, industry news and Intruder updates.
Dann Moore
|
min read
March 18, 2026
The Vulnerabulletin Issue #4

The Vulnerabulletin Issue #4

Issue 4 of our monthly newsletter, packed with research, industry news and Intruder updates.
Dann Moore
|
min read
February 18, 2026
Beyond Compliance: What Actually Builds Customer Trust

Beyond Compliance: What Actually Builds Customer Trust

Compliance frameworks help you pass an audit; continuous compliance helps you keep customer confidence.
Ashley Hyman
|
min read
February 18, 2026
See TODAY’S CVE TRENDS

Our latest research

more research
Secrets in your Bundle(.js) - The Gift Attackers Always Wanted

Secrets in your Bundle(.js) - The Gift Attackers Always Wanted

Our scan of 5M apps uncovered 42k+ tokens in JavaScript bundles, from code repo tokens to project management API keys. Learn why traditional scanners miss them, and how Intruder’s new secrets detection method catches what others can’t.
Benjamin Marr
December 11, 2025
AI Vibe Coding: When Convenience Turns Into a Security Liability

AI Vibe Coding: When Convenience Turns Into a Security Liability

When we used AI to help code a honeypot, it introduced a vulnerability of its own. What transpired was a fascinating, if uncomfortable, lesson in AI complacency - how easily trust in automation can make us miss what’s right in front of us. We share what we learned and what it means for anyone using AI to code.
Sam Pizzey
December 2, 2025
How We’re Using AI to Write Vulnerability Checks (and Where It Falls Short)

How We’re Using AI to Write Vulnerability Checks (and Where It Falls Short)

Intruder’s security team is experimenting with agentic AI to accelerate vulnerability checks. Discover what’s working, what isn’t, and why AI isn’t the silver bullet it’s made out to be.
Benjamin Marr
September 11, 2025

Cyber explainers

more guides
9 best DevSecOps tools for 2026

9 best DevSecOps tools for 2026

DevSecOps tools help identify security vulnerabilities early in your development process. Explore our list of the best tools for 2025.
Christian Gonzalez
November 29, 2023
AWS Cloud Security Explained: What’s Left Exposed?

AWS Cloud Security Explained: What’s Left Exposed?

Think AWS has your security covered? Not entirely. This blog breaks down what AWS doesn’t secure, real-world risks you’re responsible for, and key actions you can take.
Daniel Andrew
March 20, 2025
AWS Security Services: What They Do and Don’t Do

AWS Security Services: What They Do and Don’t Do

AWS security services help protect your cloud, but they don’t secure everything. See what’s missing and how Intruder goes further to simplify cloud security.
Daniel Andrew
March 6, 2025
The State of Exposure Management in 2025
Insights from 3,000+ companies
get the report
Clear all filters
What’s the point in phishing assessments?

What’s the point in phishing assessments?

As news is released that PhishMe made £45 million last year, it’s clear that phishing assessments have become very popular. But it begs the…
Chris Wallis
|
min read
July 29, 2016
|
min read
Insights
I’m a startup, what should I do about security?

I’m a startup, what should I do about security?

Being a startup is difficult. You don’t have the budget to do everything like a big corporate, but if you don’t appear to be doing things…
Chris Wallis
|
min read
June 20, 2016
|
min read
Insights
Days of Cyber: What’s an SME to do? (Threat Landscape)

Days of Cyber: What’s an SME to do? (Threat Landscape)

This will be the first in a series of blog posts exploring the world of cyber security, with a specific view on how it applies to SMEs; and…
Chris Wallis
|
min read
May 6, 2016
|
min read
Insights
Badlock Vulnerability — Pre-Release Analysis

Badlock Vulnerability — Pre-Release Analysis

It seems that merely releasing a vulnerability with a cool logo and marketing budget isn’t enough these days. Like the movie studio behind…
David Robinson
|
min read
April 11, 2016
|
min read
Vulnerabilities and Threats
DROWN Vulnerability — More Like A Doggy Paddle

DROWN Vulnerability — More Like A Doggy Paddle

You may have heard of the new DROWN vulnerability as it’s been in the news a fair bit over the past couple of days.
David Robinson
|
min read
March 4, 2016
|
min read
Vulnerabilities and Threats
Should the data on my server be encrypted?

Should the data on my server be encrypted?

Over the last few days I’ve heard a lot of questions in the media asking why TalkTalk didn’t have their customer data encrypted.
Chris Wallis
|
min read
October 25, 2015
|
min read
Insights
VENOM Explained

VENOM Explained

Over the last few days there’s been a lot of hype surrounding the recently released (and patched) VENOM vulnerability. This post hopes to…
David Robinson
|
min read
May 15, 2015
|
min read
Vulnerabilities and Threats
GregAI: Your Intruder AI Security Analyst

GregAI: Your Intruder AI Security Analyst

We’re excited to introduce GregAI, your AI security analyst copilot that streamlines security workflows by prioritizing issues, validating findings, and more.
David Koke
|
min read
|
min read
Product
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Sign up for your free 14-day trial

Start today