Penetration Testing
Find the gaps before they become incidents. Manual, scope-aware testing that prioritises real, exploitable risk over noise.
Security testing & response
Security testing and response for teams that need clear answers.
Penetration testing, incident response, threat hunting, and security consultation built around practical outcomes.
Practical approachMeasurable impactConfidential by defaultClear communication
Services
Four focused services. No filler.
Each engagement is scoped, hands-on, and built to give you answers you can act on.
Incident Response
Contain incidents quickly and recover with confidence. Calm, structured handling from first alert through to root cause.
Threat Hunting
Hunt for threats that automated tools miss. Hypothesis-driven analysis across your environment to surface hidden activity.
Security Consultation
Practical guidance aligned to your business risk. Clear answers and next steps without unnecessary process or jargon.
How we work
A simple, repeatable process.
Step 01
Understand
We map your environment, priorities, and the risks that actually matter to your business.
Step 02
Assess
We test, hunt, or investigate with a clear scope and an eye for real-world impact.
Step 03
Act
We contain, exploit, or advise, then translate findings into concrete next steps.
Step 04
Improve
We help you close gaps and raise your baseline so the same issues don't return.
From the field
Research & analysis.
Practical write-ups on breaches, vulnerabilities, and defensive security.
A Stock Exchange Espionage Campaign Shows Why Executive Mailboxes Are Prime Targets
A Symantec/Broadcom threat-intelligence report details a five-month espionage campaign against a senior executive at a major global stock exchange. Attackers maintained access from October 2025 to March 2026, exfiltrating mailbox data in small batches through personal cloud services while hiding malware inside legitimate-looking Adobe, OneDrive, and Lenovo software components.
Read article
DriveSurge and the Rise of Fake Verification Attacks Against macOS Users
Security researchers at Silent Push published research on DriveSurge, a malware delivery operation using compromised legitimate websites to push fake browser updates and ClickFix-style attacks. The campaign uses clipboard hijacking to trick macOS users into pasting and running malicious commands in Terminal, bypassing browser security entirely by exploiting user trust and habit.
Read article
Cisco's New Vulnerability Disclosure Rhythm: Progress, Pressure, or a Warning Sign?
Starting July 2026, Cisco will move from monthly vulnerability disclosures to twice-monthly releases on the first and third Wednesdays of each month, citing AI-accelerated vulnerability discovery. The change raises practical questions for security teams and harder ones for the industry: is faster disclosure the answer, or does the real problem sit upstream in how software is built?
Read articleConfidentiality
Everything stays between you and us.
We keep a low profile due to the nature of our work. Engagements, findings, and your identity remain strictly between your team and ours.
About
Leveling up, one challenge at a time.
CyberLeveling is an independent cybersecurity initiative founded in Spain by Robert, a security professional with Big Four consulting experience in vulnerability assessments and penetration testing, as well as hands-on experience at small and medium-sized boutique cybersecurity companies. He has been around computers since he was a kid, and that curiosity never really went away.
The name draws from gaming culture: the idea of leveling up your knowledge one challenge at a time.
That same idea has also shaped CyberLeveling as a community. It has allowed us to meet people with different skill levels, backgrounds, and areas of expertise across the cybersecurity field. Our network of partners includes senior to principal-level cybersecurity professionals, giving us access to trusted expertise across areas such as penetration testing, security awareness, incident response, threat hunting, and broader security advisory work.
The platform covers data breaches, CVEs, and emerging vulnerabilities with a practitioner's eye: what happened, why it matters, and what defenders should do. Beyond publishing practical security insights, CyberLeveling also helps organizations navigate the cybersecurity landscape by pointing them toward reliable expertise when they need support.
Request Consultation
Have a security challenge? Let's talk through it.
No obligation. Just a practical conversation about your risks, goals, and next steps.
Request Consultation