7ASecurity’s Szymon Grzybowski Wins OSTIF’s 2025 Bug of the Year Award
OSTIF selected CVE-2025-31484 from 7ASecurity’s conda-forge audit as its 2025 Bug of the Year, recognizing Szymon Grzybowski’s high-impact supply-chain finding.
Finding a security flaw is only half the battle; knowing how to fix it before it’s exploited is the real goal of a web application penetration test. Web applications handle sensitive customer data, process payments, and manage internal tasks daily. This makes them massive targets for cybercriminals. Yet many companies think running a basic software …
A thorough IoT pentest is the only reliable way to ensure your connected devices are safe from cybercriminals. A smart thermostat might seem harmless. A connected security camera appears to be a basic operational tool. But to a cybercriminal, these devices represent an unguarded backdoor into your network. We surround ourselves with internet-connected hardware. Just …
Your approach to SOC 2 penetration testing will dictate how easily you pass your compliance audit. Maybe you’ve got a checklist of everything passing a SOC 2 audit requires. Unfortunately, ticking off action items doesn't verify how your security works under pressure. If your business handles any sensitive data, you must assure your clients that …
Do you know why mobile penetration testing is the only reliable way to find the security gaps in your apps? Your app is safe, right? After all, it passed Apple's review process. Google Play accepted it without any issues. Your automated security scanner even gave you a clean report. It's natural to assume you're secure. …
7ASecurity shares results of a security audit of Stork (ISC’s admin interface for Kea servers): 7 security-impact findings (2 high) and all fixes verified, plus threat modeling, SLSA review, and an SBOM.
How do you protect what you don't know exists? With external penetration testing. It’s how you find the "unknown unknowns" that threaten your business. It doesn’t matter how careful you are or how sophisticated your dev team is; somewhere in your organisation's digital footprint sits a forgotten test server. Maybe it's an old marketing microsite …
PCI penetration testing is how you ensure you keep credit card data safe from attackers. Unfortunately, the reality is that compliance doesn't guarantee security, and cybersecurity doesn't automatically mean compliance. You need both. And right now, plenty of organisations have neither. The fines for PCI DSS non-compliance can reach $100,000 per month. But …
7ASecurity shares results of a holistic security audit of zlib: 10 security-impact findings (1 high) and all fixes verified, plus hardening recommendations and a custom threat model.
Noghteha engaged 7ASecurity for an independent Android security and privacy assessment to strengthen an offline-first mesh messenger built for high-risk connectivity.