wizlynx group

Name: wizlynx group
Address: Hauptstrasse 11, Binningen, 4102, CH
Telephone: +41618239050

Startseite
Schweiz
Binningen
wizlynx group

Welcome to the official wizlynx group page - your global Cyber Security provider for Penetration Tes PROFESSIONAL PORTFOLIO
We live and breathe Cyber Security!

wizlynx group is an ethical, trustworthy, and vendor agnostic global Cyber Security provider. Headquartered in Switzerland, you can rely on us to effectively protect your business and trade secrets against any form of cybercrime. Our vision is to be a best-in-class global Cyber Security company, enabling customers to focus on their core business by providing high-quality, value added and innovativ

e Cyber Security services. wizlynx group is one of the few globally accredited CREST Penetration Testing service providers, employing CREST registered Penetration Testers. This highly recognized certification is proof to our customers that wizlynx maintains the highest quality of technical capabilities, policies, processes and procedures. For this reason, we have designed a service portfolio that covers the entire risk management lifecycle to ensure our customer benefits from our passion and experience, but primarily to maximize their protection. Our vast and flexible portfolio encompasses various security assessments and penetration test to meet every customer’s need, whether large or small. Our Cyber Defense Consulting Services provide design and integration of security products, spanning all layers (i.e. network, host, system, and application) for a 360° protection. Additionally, our Cyber Defense Consulting Services are complemented by our Cyber Defense Operations Services to securely manage security infrastructure by security experts 24 hours a day, 7 days a week, 365 days a year. wizlynx has extensive experience in protecting 2000+ customers, some part of the Fortune 100, against various cyber threats, including thousands of security assessments, penetration tests, incident responses, and breach root cause analyses for companies in various sectors. Leave no stone unturned with wizlynx – the perfect partner to ensure high-quality services and assessments giving you a true sense of security!

19/06/2026

The Business Layer Is Under Attack | Weekly Cyber Risk Brief

This week reminded us that attackers are not always breaking down doors. Sometimes they are just walking through ones that were left open. Here is what happened.

💉 | A weight-loss drug giant had visitors for two months. Nobody noticed. — A hacking group calling itself FulcrumSec claims it spent over two months inside Novo Nordisk's network — the company behind Ozempic and Wegovy — quietly copying around 1.3TB of data. We're talking source code, drug research, clinical trial records, even AI models. They asked for $25 million. Novo Nordisk said no. Two months is a long time for nobody to notice someone going through your files.

🔥 | 74,000 firewalls got hacked. Not with a fancy exploit, but with old passwords. — Researchers uncovered a massive campaign nicknamed "FortiBleed," where attackers cracked old, leaked passwords and used them to access roughly 74,000 firewalls and VPN devices across 194 countries. No clever trick. No new vulnerability. Just credentials that were stolen somewhere else, never changed, and reused. A good reminder that the password you forgot to update years ago might still be working — just maybe not for you anymore.

🛠️ | Microsoft just released its biggest update ever. And one bug was already being used by hackers. — This month's Patch Tuesday fixed over 200 security issues, including six zero-days. One of them, an Exchange email vulnerability, was already being actively exploited before the fix was even available. With that many updates at once, the real challenge for IT teams is not just patching everything — it is figuring out what to patch first.

Three very different stories. One same lesson: attackers are not always doing anything fancy. They are finding the door nobody locked, the password nobody changed, or the update nobody got to yet.

Curious how prepared your organization really is against this kind of thing?

👉 https://www.wizlynxgroup.com/contact

Sources: Reuters, TechCrunch, Dark Reading, BleepingComputer

18/06/2026

Trusted systems are becoming part of the attack path.

Across our recent Cyber Risk Briefs, one pattern keeps showing up: Attackers are using valid accounts, trusted devices, remote access tools, security platforms, and normal business workflows to move quietly through organizations.

That is what makes the risk harder to detect.

A login may look approved.
A tool may look trusted.
A system may look legitimate.

But that does not always mean the activity is safe.

A red team assessment helps test how your people, processes, technology, and detection capabilities respond to realistic attacker behavior.

Because the real issue is not always one missing control.

Sometimes, it is what happens between controls.

🚩 Learn more about wizlynx group Red Team Assessment Services:
https://bit.ly/4n9Kr82

16/06/2026

Not every cyberattack looks like a “break-in.”

Sometimes attackers use what companies already trust:

✅ Real accounts
✅ Approved tools
✅ Normal-looking logins
✅ Familiar systems

That is why these attacks are hard to spot.

We explain this in two recent blogs:

🔎 𝗟𝗶𝘃𝗶𝗻𝗴-𝗼𝗳𝗳-𝘁𝗵𝗲-𝗟𝗮𝗻𝗱 𝗮𝘁𝘁𝗮𝗰𝗸𝘀
How attackers use existing tools inside an organization.
https://www.wizlynxgroup.com/news/living-off-the-land-attacks/

🔐 𝗠𝗼𝗱𝗲𝗿𝗻 𝗰𝗿𝗲𝗱𝗲𝗻𝘁𝗶𝗮𝗹 𝘁𝗵𝗲𝗳𝘁
How valid access can be abused after login.
https://www.wizlynxgroup.com/news/modern-credential-theft/

Can your organization spot a threat when it looks normal?

15/06/2026

We've seen this pattern before.

Attackers aren't always looking for obscure systems. More often, they're targeting the platforms organizations depend on every day.

This weekend brought three examples:

🏛️ | 100+ Organizations Breached Through One Platform — ShinyHunters exploited a PeopleSoft zero-day before Oracle released a fix, compromising more than 100 organizations. Many of the affected institutions were universities. Attackers gained remote access, deployed tools for command ex*****on, and accessed large amounts of sensitive data. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on June 12.

🔍 | Your SIEM Could Become the Attack Surface — A critical unauthenticated remote code ex*****on vulnerability was disclosed in Splunk Enterprise, and a public proof-of-concept is already available. The concern isn't just the vulnerability itself—it's where it exists. Security teams rely on SIEM platforms to detect and investigate threats. If attackers compromise that visibility layer, they gain a significant advantage.

🤖 | AI Development Tools Are Becoming a New Target — Researchers disclosed a new attack technique called "Agentjacking" that can hijack AI coding assistants and execute attacker-controlled code on developer machines. As AI becomes part of daily development workflows, it is also becoming part of the attack surface.

Different technologies. Same lesson.

The systems we trust most often become the systems attackers focus on. Understanding how these platforms can be abused before a real attacker does is a critical part of reducing risk.

Learn how wizlynx group helps organizations validate critical business systems through pe*******on testing, red teaming, and adversary simulation: https://www.wizlynxgroup.com/contact

Sources: SecurityWeek, Google Threat Intelligence Group, Mandiant, Rapid7

*******onTesting

12/06/2026

Control is the Target | Weekly Cyber Risk Brief

The perimeter was never the target. It was just the starting point.

💼 | They came through finance. — Threat actors exploited an Oracle PeopleSoft zero-day before it was publicly disclosed — gaining access through the systems that run HR, finance, and core operations. These platforms are rarely treated with the same scrutiny as perimeter infrastructure. That gap is exactly what attackers are counting on.

⏱️ | Disclosed Monday. Exploited Tuesday. — A maximum-severity Ivanti Sentry vulnerability was actively exploited within 24 hours of public disclosure. For internet-facing management systems, the window between "advisory published" and "actively under attack" is now measured in hours. Patch schedules built around weeks are no longer a viable defense posture.

🛡️ | They did not beat the Defender. They used it. — Microsoft patched an actively exploited elevation-of-privilege vulnerability in Defender. Attackers did not work around the security tool — they leveraged it to move deeper after initial access. When security software becomes a privilege escalation path, the assumption that protected means hardened needs revisiting.

Three weeks of the same direction. The targets keep moving closer to the core — from perimeter tools to enterprise applications to the security stack itself.

Which of your most trusted systems has never been tested against the scenarios above?

Learn more 👉 https://www.wizlynxgroup.com/contact

Sources: Reuters, SecurityWeek, Dark Reading, The Record, Google, Mandiant

11/06/2026

𝗖𝗼𝗺𝘂𝗻𝗶𝗱𝗮𝗱, 𝘁𝗮𝗹𝗲𝗻𝘁𝗼 𝘆 𝘀𝗲𝗴𝘂𝗿𝗶𝗱𝗮𝗱 𝗼𝗳𝗲𝗻𝘀𝗶𝘃𝗮. | 🇲🇽

Eso fue parte de lo que vivimos en Pwnterrey 2026, en Monterrey, donde dos miembros de nuestro equipo de México, Adán y Rubén, compartieron conocimiento técnico directamente con jóvenes profesionales, empresas y miembros de la comunidad de ciberseguridad.

Su presentación reflejó algo que valoramos mucho en wizlynx group: experiencia práctica, seguridad ofensiva responsable e intercambio continuo con las personas que enfrentan desafíos reales de seguridad.

Gracias a todos los que se acercaron, conversaron con nuestro equipo y mostraron interés en nuestro trabajo. 🤝

Acompáñennos a reconocer a Adán, Rubén y al resto de nuestro equipo en México por representar a WLX en Pwnterrey 👏

10/06/2026

Pregunta rápida:

Si un usuario iniciara sesión con credenciales válidas, desde un dispositivo conocido y después de aprobar MFA...

¿Tu organización asumiría que todo está bien?

La mayoría de las organizaciones responderían que sí.

Sin embargo, muchos ataques modernos no comienzan rompiendo defensas. Comienzan utilizando sesiones, tokens y accesos legítimos que ya existen dentro de tu entorno.

Por eso una autenticación exitosa no siempre significa que quien está detrás sea el usuario legítimo. 🚩

¿Qué crees que es más difícil hoy para los equipos de seguridad?

Te leemos en los comentarios.

Y si te interesa profundizar en el tema, compartimos más detalles aquí 👉 https://www.wizlynxgroup.com/news/modern-credential-theft/

09/06/2026

Your IT team receives a login alert. 🚩

Valid credentials. Known device. Normal time of day.

But it's an attacker!

Modern credential theft is no longer just about passwords. Today's attackers increasingly abuse trusted sessions, tokens, and identity systems to move through environments without triggering obvious alarms.

Would your organization recognize the difference between a legitimate user and an attacker using legitimate access?

We explore the challenge in our latest article 👇
https://www.wizlynxgroup.com/news/modern-credential-theft/

08/06/2026

Another week, same pattern.

Attackers are not spending their time breaking through defenses. They are targeting the systems organizations already trust to manage networks, support users, and keep operations running.

Here are three signals from this weekend:

🔌 | Cisco SD-WAN just hit its seventh exploited zero-day of 2026.
The latest flaw allows attackers to execute commands and push configuration changes through a platform designed to manage networks at scale. Once attackers reach the control layer, they can influence traffic, establish persistence, and expand their reach far beyond a single device.

📞 | The IT support call was the attack. Silent Ransom Group is targeting organizations through fake helpdesk calls, phishing emails, and remote access requests. No sophisticated exploit was required. Just a convincing conversation and a process that trusted the caller too quickly.

📁 | Sometimes the outage is the objective. CISA warned that attackers are actively exploiting a SolarWinds Serv-U vulnerability that can crash managed file transfer servers. For organizations that depend on these systems for legal, operational, or compliance workflows, availability is part of security.

The common theme?

The systems trusted to manage and protect everything else are becoming the attack surface.

If those systems are trusted by default, they should also be tested by design 👉 https://www.wizlynxgroup.com/contact

Sources: SecurityWeek, BleepingComputer, SC Media, CISA

05/06/2026

Attacker Are Still Abusing The Things You Trust.

Last weekend we highlighted a growing trend: attackers are increasingly using trusted tools and systems against the organizations that rely on them.

This week brought three more examples:

🤖 | Please reset my password. — Attackers discovered they could convince Meta's AI support assistant to reset account passwords, leading to takeovers of high-profile Instagram accounts. No malware. No phishing. Just abuse of an automated support process.

🔑 | Your VPN became their VPN. — Attackers actively exploited a Palo Alto GlobalProtect authentication bypass vulnerability, allowing unauthorized access to internal networks. The issue was serious enough to be added to CISA's Known Exploited Vulnerabilities catalog.

⛽ | Critical infrastructure exposed to the internet. — The FBI warned that attackers are targeting internet-connected fuel tank monitoring systems used at fuel depots, airports, and other facilities. In many cases, default passwords and exposed management interfaces were enough to gain access.

The lesson is becoming difficult to ignore:

Attackers don't always need new malware or advanced exploits. Sometimes they simply abuse trusted systems, weak configurations, or automated processes that organizations assume are secure.

The gap between what we trust and what we verify is often where risk lives.

Learn more about proactive security testing:
https://www.wizlynxgroup.com/contact

Adresse

Hauptstrasse 11
Binningen
4102

Telefon

+41618239050

Webseite

http://www.wizlynxgroup.com/ch/en

Benachrichtigungen

Lassen Sie sich von uns eine E-Mail senden und seien Sie der erste der Neuigkeiten und Aktionen von wizlynx group erfährt. Ihre E-Mail-Adresse wird nicht für andere Zwecke verwendet und Sie können sich jederzeit abmelden.