"The gap between what you defend and what's actually exposed is where every breach begins."
— K. Ellabban
Independent OSINT research and published threat analyses across critical infrastructure, healthcare, cloud, and software supply chains. These are recent breach analyses.
IRGC-CEC-linked actors exploiting internet-facing Rockwell PLCs across U.S. critical infrastructure. Operational disruption and financial loss confirmed.
FBI's DCS-3000 pen register system compromised via ISP vendor supply chain. Surveillance target phone numbers and PII exposed.
LinkedIn deployed hidden JavaScript scanning visitors for 6,236 browser extensions - including 200+ competitors - while harvesting device telemetry.
ShinyHunters claims 3M Salesforce records, 300+ GitHub repos, and AWS data from three breach vectors in a triple-vector extortion against Cisco.
North Korea's UNC1069 social-engineered the lead Axios maintainer, hijacking npm and GitHub accounts to deploy the WAVESHAPER.V2 RAT through a package with 100M weekly downloads.
A Russian-speaking actor deployed GlassWorm across 433 components in four developer ecosystems using invisible Unicode payloads and Solana blockchain C2.
Security research operating under zero-trust principles. Never trust, always verify.
Passive external reconnaissance to identify exposed assets, leaked credentials, and misconfigured services before adversaries do.
External attack surface analysis from an adversary's perspective.
Vendor inventory mapping, third-party risk scoring, and supply chain exposure analysis for organizations relying on external data and infrastructure access.
Coordinated vulnerability disclosure with verified remediation. We document, we notify, we follow through.
Post-breach forensic analysis and timeline reconstruction. Understanding the kill chain to prevent recurrence.
Independent open-source intelligence research on cyber threats. We investigate, analyze, and publish breach reports on our Cyber Threats page.
One breach exposes every client. We assess the attack surface your partners create.
A subsidiary's exposure is yours. We map risk across your portfolio.
Critical infrastructure under persistent threat. We verify what internal programs miss.
The costliest breach sector for 14 consecutive years. We quantify the exposure.
Banks, insurers, and payment platforms across three continents. We find what compliance audits miss.
Millions of records, hundreds of vendors. We test the boundaries.
Zero Tolerance is a security research firm built on one principle: Breaches are inevitable, but negligence isn't.
We conduct passive external reconnaissance - no intrusion, no exploitation. We observe what's already exposed and document what organizations fail to protect.
Every disclosure is responsible. Every remediation is confirmed. Every analysis is published to raise the standard of accountability in cybersecurity.
Responsible disclosure, advisory engagement, or media inquiries.
We do not use web forms. Your message is sent directly from your own email client - no data passes through or is stored on our servers. For sensitive disclosures, encrypt with our PGP key.
RESPONSE WITHIN 48 HOURS