The ScruteX KB: concepts, threats, and how to fix them
A practical cyber security reference for security teams. Plain English explanations of the threats and exposures we see every day, and what you can do about them.
Looking for a specific term? Browse the glossary
About the ScruteX KB
The ScruteX Knowledge Base (KB) is the reference library that sits behind our cyber security platform. It exists for a simple reason: most security questions practitioners ask in real engagements are not novel. They are recurring questions about the same dozen exposure categories — lookalike domains, leaked credentials, exposed services, vulnerable web technologies, supply chain risk, identity weaknesses, and the operational programmes that hold all of this together. The KB collects answers to those questions in plain English and links them back to the controls and detections that matter.
Every KB article is written for a working security professional, not for a search engine. The structure is consistent: what the threat or concept is, why it matters, how attackers actually use it, what defenders typically get wrong, and what good looks like. Where useful, articles include lightweight checklists, comparisons of frameworks (CTEM, ATT&CK, ISO 27001, NIST CSF), and references to the source material we draw from — CISA KEV, MITRE ATT&CK, FIRST EPSS, and primary research from the dark web ecosystem.
Content is organised into six shelves that mirror how security teams actually divide work in practice: attack surface management, data exposure and dark web monitoring, brand protection and impersonation, threat intelligence and threat actors, vendor and supply chain risk, and security operations. Within each shelf, individual books cover a single concept in eight to fifteen minutes of reading. The shelves and the glossary are linked so that an unfamiliar acronym in one article can always be resolved without leaving the KB.
The KB is maintained by the ScruteX research team and updated as the threat landscape changes. New ransomware affiliate models, new CVE exploitation patterns, new takedown tactics for typosquatting domains, and new regulatory requirements (DORA, SOCI, the EU Cyber Resilience Act) all show up here once we have something practical to say. Articles are dated, and significant revisions are flagged on the recently-updated list below.
If you are new to ScruteX, the easiest way to use the KB is to start from a shelf relevant to a current concern, read the overview articles, and follow the related-article links into the deeper material. If you are looking for a specific term, the glossary covers the acronyms and concepts you are most likely to run into in modern security work. The search box above queries titles, descriptions, and summaries across every article in the KB.
Browse by topic
Six shelves covering the topics our customers ask about most.
Attack Surface Management
10 articles
Everything that is exposed to the internet, and the risks that come with it.
Data Exposure and the Dark Web
9 articles
How sensitive data leaks, where it ends up, and how to find it before attackers do.
Brand Protection
4 articles
Lookalike domains, fake apps, and impersonation attacks targeting your brand and customers.
Threat Intelligence
4 articles
Who the attackers are, what they want, and how they operate.
Vendor and Supply Chain Risk
0 articles
Third party risk, security questionnaires, and supply chain attacks.
Security Operations
6 articles
How security teams prioritise, monitor, and respond to risk in practice.
Human and Identity Threats
7 articles
Phishing, social engineering, account takeover, and the controls that protect identities and access.
Recently updated
Fresh content and revisions to existing articles.
API Security Threats
How modern application architectures put APIs at the centre of the attack surface, what the OWASP API Security Top 10 actually covers, and why traditional WAFs miss API-specific attacks.
9 min read · Updated 2026-04-26
Blacklisted IP Addresses
Why IP addresses end up on reputation blocklists, how those listings break mail delivery and outbound traffic, and the practical playbook for monitoring, delisting, and avoiding the problem in the first place.
7 min read · Updated 2026-04-26
Cloud Security Misconfigurations
Why cloud misconfigurations have become the dominant cause of public cloud breaches, how they differ from traditional vulnerabilities, and how to find and fix them before attackers do.
8 min read · Updated 2026-04-26
Dangling Subdomains and Subdomain Takeover
How abandoned DNS records pointing to deprovisioned cloud resources let attackers claim subdomains under your brand, why this happens constantly, and how to keep DNS hygiene tight.
7 min read · Updated 2026-04-26