TrollEye Security

Menu

Sullivan Rozar

HIPAA Penetration Testing Requirements Article Cover

Does HIPAA Require Penetration Testing? What Security Teams Need to Know

Cybersecurity Frameworks & Compliance / By

Why HIPAA’s Silence on Pen Testing Doesn’t Mean You’re Off the Hook If you work in healthcare IT or security, you’ve likely wrestled with this question: does HIPAA actually require penetration testing? The short answer is not explicitly. But the longer, more important answer is that HIPAA’s Security Rule creates strong expectations around risk management […]

Does HIPAA Require Penetration Testing? What Security Teams Need to Know Read More »

GitHub Notifications Are Being Weaponized to Deliver Malware at Scale

Cyber News / By

Attackers Are Exploiting GitHub’s Own Notification System to Target Developers A coordinated, large-scale campaign is actively targeting developers on GitHub, using fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of thousands of repositories to trick users into downloading malware. The campaign was first detailed by application security company Socket on

GitHub Notifications Are Being Weaponized to Deliver Malware at Scale Read More »

Dark Web Analysis vs Dark Web Monitoring Article Image

Dark Web Analysis vs. Dark Web Monitoring: What the Difference Means for Your Security Team

Threat Intelligence / By

Why Alerts Alone Aren’t Enough, and What to Do Instead Most security teams that think they have dark web coverage don’t. They have dark web alerting. That’s not the same thing, and the gap between the two is exactly where threat actors operate. Dark web monitoring tools are widely deployed. They scan breach databases, paste

Dark Web Analysis vs. Dark Web Monitoring: What the Difference Means for Your Security Team Read More »

Poland’s Nuclear Research Centre Repels Cyberattack, Potential Iran Attribution

Cyber News / By

Iranian Threat Actors Suspected After Failed Attack on Polish Nuclear Facility Poland’s National Centre for Nuclear Research (NCBJ) disclosed this week that hackers targeted its IT infrastructure in an attempted breach. The attack was detected and blocked before any damage was done, and the institute confirmed that operations continued without interruption. In a statement released

Poland’s Nuclear Research Centre Repels Cyberattack, Potential Iran Attribution Read More »

Microsoft Threat Intelligence Warns AI Has Become a Core Weapon in the Attacker’s Toolkit

Cyber News / By

Hackers Using AI For Everything From the First Email to Covering Their Tracks Somewhere right now, a North Korean worker is on a video call with a Western company’s hiring manager, interviewing for an IT job. The resume looks real. The headshot looks real. The identity documents look real. All of it was fabricated using

Microsoft Threat Intelligence Warns AI Has Become a Core Weapon in the Attacker’s Toolkit Read More »

How to Measure ROI from Your Penetration Testing Program

Security Leadership / By

How to Measure Penetration Testing ROI: A Practical Framework Penetration testing ROI is one of the most underreported metrics in cybersecurity, not because the value isn’t there, but because most organizations aren’t measuring it correctly. Too often, security teams track outputs: reports delivered, findings identified, audits passed. But those are activity metrics. Real penetration testing

How to Measure ROI from Your Penetration Testing Program Read More »

APT37 Deploys “Ruby Jumper” Malware to Breach Air-Gapped Networks

Cyber News / By

New Multi-Stage Toolkit Leverages Removable Media to Bridge Air-Gapped Systems Air-gapped environments are often treated as the highest form of segmentation-based defense. But a newly uncovered campaign attributed to North Korean threat group APT37 challenges that assumption. The operation, dubbed Ruby Jumper, demonstrates how removable media workflows and staged malware loaders can be weaponized to

APT37 Deploys “Ruby Jumper” Malware to Breach Air-Gapped Networks Read More »

TrollEye Security Recognized in the Gartner® Journey Guide to Choosing Software Engineering Security Tools Report

Press Releases / By

TrollEye Security Has Been Recognized in the 2026 Gartner® Journey Guide to Choosing Software Engineering Security Tools Report February 26th, 2026 – TrollEye Security today announced it has been identified in the Journey Guide to Choosing Software Engineering Security Tools by Gartner as a Representative Vendor in the Penetration Testing as a Service (PTaaS) category

TrollEye Security Recognized in the Gartner® Journey Guide to Choosing Software Engineering Security Tools Report Read More »

How to Approach SOC 2 Compliance In a Way That Improves Security

Cybersecurity Frameworks & Compliance / By

Using SOC 2 as a Framework for Operational Discipline and Risk Management SOC 2 has become a business necessity for organizations that handle customer data, especially in SaaS and fintech environments where trust directly impacts revenue. Enterprise buyers, investors, and partners often view a SOC 2 report as proof of operational maturity and risk management

How to Approach SOC 2 Compliance In a Way That Improves Security Read More »

This Content Is Gated