Picus Security

Breaking news from Turin ⚽️ Picus Security joins @juventusfc as the Official Exposure Validation Partner. From simulation drills to cyber drills, this signing is all about strengthening defense the Juventus way. 🖤🤍 Full details: picussecurity.com/resource/press… #PicusSecurity #Juventus #ExposureValidation #CyberResilience #ForzaJuve

A signed driver from a video game was used to kill enterprise antivirus at the kernel level. That's not theoretical. That's BYOVD in the wild. Attackers load a legit, signed, vulnerable driver. Windows trusts it. They exploit it for kernel access. Your EDR goes dark. We break down the full attack chain 👇 Read more: hubs.li/Q046GpYZ0

Healthcare has the highest prevention score of any industry at 83%. But only 13% of simulated attacks triggered an alert. And credential-based attacks succeeded 98% of the time. Strong walls. Blind interior. That's the real risk in healthcare security right now. Read the full analysis: hubs.ly/Q046GdXs0

See all reviews: g2.com/products/picus…

G2 Leader in Breach and Attack Simulation, Winter 2026. What our customers value most: Picus replicates real cyberattacks in a safe setting. No guesswork. No assumptions. Just validated defense. Thank you to everyone who reviewed us.

Pen tests once or twice a year. Attackers every day. Automated penetration testing runs continuously, maps real attack paths, and shows which vulnerabilities actually lead to compromise. Not just what's wrong. What's exploitable. See the full use case: hubs.li/Q046Gdg-0

Book a meeting: events.picussecurity.com/picus-at-rsa-c…

RSAC 2026. Booth #N-4405. March 23-26. We're showing Picus Agentic Exposure Validation live. AI agents that continuously find gaps and validate your controls before attackers do. Stop by for a demo. Or book time with our team ahead of the event.

Some of the biggest findings from this year's data: ↳ Ransomware encryption down 38%. ↳ Malware now uses trigonometry to detect if it's in a sandbox. ↳ C2 traffic running through OpenAI and AWS APIs. Full report: picussecurity.com/red-report

The Red Report 2026 is here. 1.1M+ malicious files. 15.5M+ adversary actions. One clear shift: 80% of the top techniques are now about staying hidden, not causing damage. Attackers aren't breaking down doors anymore. They're logging in and living inside your systems.

Read now: picussecurity.com/resource/sutte…

Sutter Health's red team was spending weeks on manual validation cycles. Now they get full simulation reports in under an hour. Here's how their Red Team Manager, Jaime Rodriguez, and team made the shift 👇 [link in reply]

New from Hong Kong: the Code of Practice for Critical Infrastructure operators doesn't just ask "do you have security controls?" It asks "can you prove they work?" Our compliance guide breaks down every major CoP section and how to meet it with continuous validation. Read more: hubs.ly/Q046Gd780

Frost & Sullivan named Picus the Innovation Index Leader in Automated #SecurityValidation 2026. The reason: agentic AI that actually works because the data behind it is unified. 20+ Fortune 500 accounts joined this year. The market is moving. @su13ym4n's full take: hubs.li/Q046G6NL0 #Cybersecurity #FrostRadar

80% of today's top attack techniques are designed just to stay hidden. 🦠 @su13ym4n breaks down the highest concentration of stealth tactics ever recorded by Picus Labs. Learn more: hubs.li/Q046G5yc0 #ThreatIntelligence #CyberSecurity

CVE-2025-66516 in Apache Tika. CVSS 8.4. The root cause is in tika-core, not the PDF parser. Upgrading the wrong module won't fix it. Attack path: malicious XFA in a PDF → XXE → local file disclosure. Fix: tika-core 3.2.2+ Simulate it in Picus with Threat ID 74403. Full breakdown: hubs.li/Q046G6SK0 #CVE202566516 #XXE

True innovation isn't just another AI wrapper. 🏆 Frost & Sullivan just named Picus the Innovation Index Leader in the 2026 Frost Radar™ for #AutomatedSecurityValidation! Discover how Agentic Exposure Validation is redefining cyber resilience: hubs.li/Q045R5N30 #AgenticAI

Wrapped up two sessions at #eCrime2026 in London. AI adversaries on the main stage. True cyber exposure validation in the breakout. Full rooms both times. Good conversations with the people doing the real work. See you at the next one

@Gartner_inc Full Gartner Emerging Tech report here: picussecurity.com/resource/repor… Worth reading whether you're buying, building, or evaluating. #Cybersecurity #ExposureManagement #CTEM

Gartner core argument: → Fragmented tools = blind spots, slow response, and unvalidated risk → The fix: platforms that unify the full CTEM lifecycle with automation → 8+ major acquisitions in the last 2 years — all moving toward unification This isn't a forecast. It's already happening.

New @Gartner_inc prediction: By 2028, unified exposure management platforms (UEMPs) will capture 60% of the exposure management market — up from less than 5% in 2025 — driven by the need to consolidate fragmented security data and unify siloed exposure management processes. Point solutions are getting displaced. The consolidation is already underway. Here's what the research says 🧵