The entry into force of the Cyber Resilience Act (CRA) introduces a new framework for organisations that develop or deliver digital products in Europe. By 2027, it will be mandatory to ensure that these products meet security requirements throughout their entire lifecycle. …
Vulnerability management is far from being a new problem, but even so, it continues to be one of the weakest points in most organisations. There are numerous tools and alerts, but the number of exposed vulnerabilities continues to grow, and incidents continue to…
The Cyber Resilience Act (CRA) introduces a structural shift in how security is understood within the European context. More than a new regulation, it represents a profound change in the responsibility of organisations that develop or deliver digital products. Until…
In recent years, business continuity has gained prominence within organisations, largely driven by the entry into force of DORA and the strengthening of the NIS2 Directive. Regulatory requirements have made it clear that operational resilience is no longer optional. Nevertheless,…
The entry into force of DORA and NIS2 (Decree-Law no. 125/2025) has placed cybersecurity at the centre of strategic decision-making within organisations. Gradually, it ceases to be viewed as an exclusively technical issue and assumes a structural dimension within operational…
The idea of “zero risk” is not realistic, yet it continues to surface in meetings, strategic plans and, at times, in implicit management expectations. Risk never disappears completely. What can and should exist is a conscious, structured approach to risk…
Companies are increasingly investing in cybersecurity tools such as firewalls, antivirus solutions, EDR, SIEM and monitoring platforms, among other solutions, all of which are essential components of any digital ecosystem. However, it is important to keep in mind that technology,…
A C++ class used for thread synchronization named timed-mutex can be used for sleep evasion in Windows, by delaying execution just enough to trick anti-virus software into declaring a malicious payload as benign. In this article we explore which System…
Although often associated, Pentesting and Red Teaming are distinct methodologies, with different objectives, scopes, and outcomes. The correct application of each can determine whether an organization merely identifies technical vulnerabilities or actually validates its ability to withstand real and persistent…
In the context of cybersecurity, a recurring question about Pentesting is: “Why execute a Pentest on a recurring basis?” At first glance, it may seem only like an additional expense or an obligation resulting from regulatory requirements. However, Pentesting stands…
Introduction: Timing attacks are a specific type of side-channel attack, in which extra information/exploitation can be achieved through observing the execution of a given system, instead of trying to actively exploit it. This type of vulnerability is particularly noticeable in capacity…
Generative AI. Figure 1 – AI evolution (Synoptek, 2023). In recent years, we have witnessed remarkable advances in the field of Artificial Intelligence (AI), driven by techniques such as Machine Learning (ML), Deep Learning (DL), and Generative Artificial Intelligence (GenAI). ML…