"The gap between what you defend and what's actually exposed is where every breach begins."
— K. Ellabban
Independent OSINT research and published threat analyses across critical infrastructure, healthcare, cloud, and software supply chains. These are recent breach analyses.
Triple-vector extortion campaign targeting Salesforce CRM data, source code repositories, and AWS infrastructure simultaneously.
Investigation into how threat actors exploit legitimate government email infrastructure to target trademark filers.
Analysis of Oracle's dual breach affecting cloud SSO and healthcare systems - and the denial that collapsed under evidence.
The largest US government data breach via an 84-day ransomware dwell time affecting 25 million citizens.
Healthcare supply chain breach persisting for 11 months before detection, exposing millions of patient records.
State-sponsored supply chain attack leveraging social engineering to compromise one of npm's most popular packages.
Security research operating under zero-trust principles. Never trust, always verify.
Passive external reconnaissance to identify exposed assets, leaked credentials, and misconfigured services before adversaries do.
External attack surface analysis from an adversary's perspective. No agents, no access needed - just what's already visible.
Vendor inventory mapping, third-party risk scoring, and supply chain exposure analysis for organizations relying on external data and infrastructure access.
Coordinated vulnerability disclosure with verified remediation. We document, we notify, we follow through.
Post-breach forensic analysis and timeline reconstruction. Understanding the kill chain to prevent recurrence.
Independent open-source intelligence research on cyber threats. We investigate, analyze, and publish breach reports on our Cyber Threats page.
One breach exposes every client. We assess the attack surface your partners create.
A subsidiary's exposure is yours. We map risk across your portfolio.
Critical infrastructure under persistent threat. We verify what internal programs miss.
The costliest breach sector for 14 consecutive years. We quantify the exposure.
Multi-jurisdictional regulatory exposure. Every report maps fines to specific provisions.
Millions of records, hundreds of vendors. We test the boundaries.
Zero Tolerance is a security research firm built on one principle: Breaches are inevitable, but negligence isn't.
We conduct passive external reconnaissance - no intrusion, no exploitation. We observe what's already exposed and document what organizations fail to protect.
Every disclosure is responsible. Every remediation is confirmed. Every analysis is published to raise the standard of accountability in cybersecurity.
Responsible disclosure, advisory engagement, or media inquiries.
We do not use web forms. Your message is sent directly from your own email client - no data passes through or is stored on our servers. For sensitive disclosures, encrypt with our PGP key.
RESPONSE WITHIN 48 HOURS