Insights
Security research, from the field.
Perspectives on offensive security, vulnerability research, and modern cyber risk from the HacFy team.
Vulnerability Research
Chained low-severity findings and real-world impact
How individually low-risk issues combine into critical exposure across identity, API, and data layers.
Read article
Cloud Security
The IAM misconfigurations we keep finding
Patterns of overly-permissive roles and cross-account trust that create silent lateral movement paths.
Read article
Cyber Risk
Prioritizing a noisy vulnerability backlog
A risk-based approach to translating raw scanner output into a remediation plan you can ship.
Read article
Offensive Security
API authorization: the class of bugs scanners miss
Object-level and function-level authorization flaws remain the most common critical findings in API testing.
Read article
Security Awareness
Phishing simulations that actually change behavior
Why click-rate metrics alone don't move the needle — and what to measure instead.
Read article
Vulnerability Research
Server-side request forgery in modern cloud stacks
Why SSRF remains one of the most dangerous vulnerabilities in cloud-native architectures.
Read article
* sample content — real insights coming soon
