PlexTrac Blog

In the world of cybersecurity, AI is the perpetual topic du jour, and more specifically Generative AI. The use of LLMs for all kinds of use cases is the craze and the AI ecosystem continues to move at a rapid pace. When it comes to pentesting, the job of every tester is to keep up…

Breaking Down the New RFC-0012 Standard Under FedRAMP and How It Can Change Your Daily Security Operations If you work in vulnerability management or penetration testing for cloud systems under FedRAMP, buckle up because the new RFC-0012: FedRAMP Continuous Vulnerability Management Standard is going to change how your work is scoped, tracked, and prioritized. The…

As I write this from the airport, the desert heat of Las Vegas is finally fading and I’m reflecting on the whirlwind that was Black Hat USA 2025. For me, this conference is always about two things: the people and the ideas. We hosted our annual Customer Appreciation Night and ran a Pentest Reporting Bootcamp,…

Organizations today are living in a fragmented reality—trapped in outdated prioritization and remediation workflows. Prioritization and remediation orchestration often relies on spreadsheets and decentralized coordination.

Deliver professional, client-ready penetration test reports using our proven structure and expert tips. If you hack in your free time and run penetration tests without a sweat, but dread the pentesting report, this blog is for you. Not everyone is as passionate about pentest reporting as we are. But there’s something about the fresh ink…

Introduction As promised in the original Digital Operational Resilience Act (DORA) timeline, the regulation is now in effect across the European Union. This marks a significant step forward in how financial institutions and their technology partners are expected to manage and mitigate cybersecurity risk. But DORA is more than just another regulation, it’s a mandate…

Exploring NodeZero, Pentera, and PlexTrac for next-gen threat management. Let’s be honest, the cybersecurity tools in your belt keep growing. Then again, so do the cyber threats. How do you find the best tools for your organization and ensure they keep your threat levels at an all-time low and your security posture at your all-time…

Penetration testing is a crucial part of cybersecurity and involves finding and exploiting vulnerabilities in networks, applications, systems, or physical environments before the bad actors can. Penetration testing also plays a key role in continuous threat exposure management. Point-in-time testing is no longer enough, and continuous penetration testing is key to effectively identifying and mitigating…

If you’ve spent any amount of time in cybersecurity, you’ve likely encountered the CVE (Common Vulnerabilities and Exposures) Program. It’s a foundational piece of how we identify and talk about security vulnerabilities as an industry. Over the past 24–36 hours, the cybersecurity world has been buzzing with updates about the future of this essential program. …

The CVE program is vital, but recent events are a reminder that security strategies must go far beyond known vulnerabilities. The potential defunding of the CVE (Common Vulnerabilities and Exposures) program over the past 24 hours sparked widespread concern — and understandably so. While I was fairly confident this situation would be resolved, the reaction…

Gartner’s Continuous Threat Exposure Management (CTEM) framework is all the rage right now. Everyone’s talking about the need for continuous security testing and tossing around “CTEM” as the buzzword. But what is CTEM?  As described in our Conversational Continuous Threat Exposure Management eBook written by Derek A. Smith (CCISO, CISSP) and our founder, Dan DeCloss,…

Risk-based prioritization turns your pile of vulnerability data into clear, actionable insights that help you make smarter decisions.