|
By Stacey Nosan
The emergence of the CRINK axis—a coordinated cyber-threat nexus comprised of China, Russia, Iran, and North Korea—has dramatically impacted the 2026 global risk landscape. As these nation-states utilize AI-driven scale and living-off-the-land (LOTL) tactics to target critical infrastructure, SafeBreach’s new content series provides essential intelligence on their evolving motivations and methods.
|
By SafeBreach
Dirty Frag (comprising CVE-2026-43284 and CVE-2026-43500) is a high-impact Linux kernel vulnerability chain that enables deterministic, reliable local privilege escalation (LPE) to root across major enterprise distributions. Unlike previous race-condition exploits, this logic flaw in the IPsec ESP and RxRPC subsystems offers a near 100% success rate, allowing attackers to escalate from a minor foothold to full system control without triggering typical kernel panics.
|
By Uzi Galili
CVE-2026-31431— the “Copy Fail” vulnerability—is a critical local privilege escalation (LPE) flaw in the Linux kernel’s cryptographic subsystem that allows unprivileged users to gain root access with near-perfect reliability. Boasting a CVSS score of 7.8 and affecting nearly every mainstream distribution since 2017 (including Ubuntu, RHEL, and Amazon Linux), Copy Fail has been added to the CISA KEV catalog due to its active exploitation and portable, low-footprint nature.
|
By SafeBreach
SafeBreach Helm is a pioneering AI agent designed to operationalize the complete Continuous Threat Exposure Management (CTEM) lifecycle by unifying SafeBreach’s industry-leading adversarial exposure validation (AEV) capabilities with data and insights from across an organization’s existing security ecosystem.
|
By Yossi Attas
In the fifth installment of SafeBreach’s AI-First series, VP of Development Yossi Attas explores how the development team’s AI-First philosophy is being extended to the customer frontier and improved upon through the Anti-Hallucination Protocol.
|
By Yossi Attas
In the fourth installment of SafeBreach’s AI-First evolution series, VP of Development Yossi Attas and Principal Software Design Engineer Guy Ephraim explore how test-driven development (TDD) serves as the essential “safety net” for high-speed AI code generation.
|
By Yossi Attas
In the third installment of SafeBreach’s AI-First development series, VP of Development Yossi Attas explores the resurgence of the Product Requirements Document (PRD) as the foundational “control surface” for AI-assisted engineering.
|
By Tova Dvorin
SafeBreach Senior Product Marketing Manager Tova Dvorin explores the critical necessity of continuous validation in Zero Trust architectures, specifically focusing on the integration of SafeBreach and Akamai Guardicore. While microsegmentation is a foundational element in the defense against lateral movement and ransomware propagation, dynamic infrastructure and policy drift often create “blind spots” that compromise security posture.
|
By Yossi Attas
In this second installment of a series on the transformation of SafeBreach’s development organization, VP of Development Yossi Attas details a structured operational workflow that integrates Jira, BitBucket, and Claude Code to turn AI usage from ad-hoc prompting into a rigorous engineering methodology.
|
By Uzi Galili
The new SafeBreach extension for VS Code integrates Breach Studio’s powerful custom attack development capabilities directly into the world’s most popular IDE to enable security teams to engineer custom attack simulations with unprecedented speed and precision. Security engineers can leverage Git-native version control, AI-assisted authoring, and real-time IntelliSense linting to eliminate friction and reduce failed executions.
|
By SafeBreach
Most organizations have no idea how many MCP servers are running in their environment—and attackers are counting on that. In this clip, Adrian Culley breaks down the exact steps security teams need to take now: run the network scan, apply stringent code review to every MCP server project you find, and mandate authentication. Authorization may be optional in the MCP spec—but it doesn't have to be optional in your deployment.
|
By SafeBreach
In a multi-agent AI workflow, one agent's output becomes the next agent's input. That's the design. It's also the attack surface. Researchers have demonstrated that a single poisoned output can cascade across an entire pipeline — triggering unauthorized behavior, data exfiltration, and control flow hijacking across chained MCP processes. The attack class is called toxic flows. And every one of them passes classical zero trust checks.
|
By SafeBreach
A security researcher introduced a malicious MCP server into an environment that already had a legitimate WhatsApp integration—and watched it silently expose message history without any user approval. The technique is called a rug pull. The server advertised one behavior at installation. On second usage, it switched to something else entirely. The approval was real. The thing you approved was not. This is what trust decay looks like in practice—and it passes every classical security check.
|
By SafeBreach
Most enterprises assume their Zero Trust architecture covers their AI agents. It doesn't. Hosts Tova Dvorin and Adrian Culley break down why zero trust breaks against the Model Context Protocol (MCP)—and why "verified" no longer means "safe." They unpack trust decay, the WhatsApp and GitHub MCP exploits, rug-pull tool poisoning, CVE-2025-49596, and the rise of "zero standing trust," then close with three moves for CISOs this quarter: inventory your MCP estate, mandate authentication, and validate your controls.
|
By SafeBreach
AI just handed attackers a new front door — and most security teams don't even know it exists. Model Context Protocol (MCP) is the emerging standard that lets AI agents talk to your tools, your data, and each other. It's also the most significant new attack surface to emerge in years. The NSA noticed. Your adversaries already have.
|
By SafeBreach
The NSA just published a rare advisory on the Model Context Protocol (MCP)—the plumbing under nearly every agentic AI deployment of the last 18 months—and the verdict is stark: optional authentication, no token lifecycle, silent behavior changes, and no logging to catch any of it. Host Tova Dvorin sits down with defensive cybersecurity expert Adrian Culley to unpack the eight risk categories, the WhatsApp and GitHub MCP exploits, and why MCP is now a testable validation surface.
|
By SafeBreach
When a tired EU diplomat clicks "connect" on an airport Wi-Fi portal, his briefing—and his government's secrets—end up in Chengdu. Hosts Tova Dvorin and Adrian Culley unpack Mustang Panda (APT27 / Bronze President), the Chinese threat group running the long con against NGOs, ASEAN ministries, and Tibetan and Uyghur activists. Inside: captive-portal Wi-Fi Pineapples that bypass MFA, PlugX side-loading through legitimate apps, and the USB worm that jumps air-gapped military networks.
|
By SafeBreach
In the finale of our Russian intelligence and proxy threat series, SafeBreach engineer Adrian Culley joins host Tova Dvorin to turn five episodes of analysis into concrete, actionable defense. The threat is real—now here's how you stop it.
|
By SafeBreach
China's cyber shadow has already reached your software. APT 41 — known as Double Dragon — isn't just stealing state secrets. They've pioneered a new generation of supply chain attacks, trojanizing the shared code libraries that thousands of organizations trust without question. And their latest splinter unit, UAT 7290, has been inside North American developer environments for over a year — not triggering anything, just watching, learning, and waiting to strike in a way that looks completely native.
|
By SafeBreach
In Part 4 of our Russian intelligence series, host Tova Dvorin and Adrian Culley map the proxy bridge between Western teenage hackers and Moscow. BlackCat (ALPHV) ransomware-as-a-service is the operational hinge: Scattered Spider breaks in, BlackCat encrypts, and the FSB watches the dashboard. Hear how the Kremlin earns plausible deniability, why a $115M extortion stream self-funds Russian intelligence, and what MI6's new "hybrid shadow war" warning means for defenders simulating Rust-based ransomware in their own networks.
|
By SafeBreach
Today's CISOs and security teams must constantly validate security controls to identify gaps, remediate misconfigurations, and optimize performance against a rapidly increasing threat landscape. Breach and attack simulation (BAS) solutions-designed to continuously test the effectiveness of security controls and identify potential vulnerabilities-have emerged as a powerful tool to help organizations navigate this new reality. But not all BAS platforms are created equal.
|
By SafeBreach
The mission of today's security teams is clear: protect the company from emerging cyber threats. What's less clear is how to ensure stakeholders understand the impact of their programs. Traditional security reporting focuses on threats and vulnerabilities and how many were stopped and prevented, but non-technical stakeholders-who are concerned with the business's bottom line and how these threats can impact business continuity-need to know how these activities translate to tangible business values. As risk is tied to revenue, security teams need a simple way to understand and share the real efficacy of their programs with their stakeholders.
|
By SafeBreach
Starting a red-team program but not sure where to begin? Looking to improve your existing red-team operation? Before getting too far in the cyber weeds, go back to the basics with "The Fundamentals of Modern Cybersecurity Red Teaming."
|
By SafeBreach
There are a number of security validation methods available on the market today, but each has different uses and functions. And, not all of them are appropriate in every IT environment. As a result, many organizations waste time and resources on technologies or approaches that may work well for others, but aren't a good fit for their specific use case.
|
By SafeBreach
2022 saw a dramatic increase in the prevalence, severity, and impact of cyberattacks, presenting a striking new reality for CISOs and their security teams. They were-and continue to be-in a constant race against time to improve security and performance.
|
By SafeBreach
Modern SOCs are complex environments with dozens of tools, overlapping teams, and a constantly growing attack surface to protect. To combat these challenges and keep up with the rapidly evolving threat landscape, security leaders must constantly strive to improve SOC efficiency and keep team members engaged.
- June 2026 (6)
- May 2026 (7)
- April 2026 (11)
- March 2026 (9)
- February 2026 (8)
- January 2026 (9)
- December 2025 (15)
- November 2025 (4)
- October 2025 (11)
- September 2025 (4)
- August 2025 (7)
- July 2025 (3)
- June 2025 (2)
- May 2025 (2)
- April 2025 (1)
- March 2025 (1)
- February 2025 (2)
- January 2025 (2)
- November 2024 (1)
- October 2024 (3)
- September 2024 (3)
- August 2024 (8)
- July 2024 (3)
- June 2024 (3)
- May 2024 (7)
- April 2024 (4)
- March 2024 (5)
- February 2024 (5)
- January 2024 (2)
- December 2023 (9)
- November 2023 (8)
- October 2023 (4)
- September 2023 (7)
- August 2023 (11)
- July 2023 (4)
- June 2023 (8)
- May 2023 (13)
- April 2023 (7)
- March 2023 (3)
- February 2023 (4)
- January 2023 (2)
- December 2022 (5)
Combining the mindset of a CISO and the toolset of a hacker, SafeBreach is the pioneer in breach-and-attack simulation (BAS) and is the most widely used platform for continuous security validation. SafeBreach continuously executes attacks, correlates results to help visualize security gaps, and leverages contextual insights to highlight remediation efforts.
With its Hacker’s Playbook™, the industry’s most extensive collection of attack data enabled by state-of-the-art threat intelligence research, SafeBreach empowers organizations to get proactive about security with a simple approach that replaces hope with data.
Unleash the power of your security controls to drive down risk.
- Attack with Purpose: Execute real-world attacks safely and continuously to identify what your security controls will prevent, detect, or miss.
- Analyze with Real-Time Data: Gain a quantitative view of your security posture by visualizing security-control performance data that’s not available anywhere else.
- Remediate with Intention: Review actionable data to quickly identify gaps, expedite remediation, and efficiently reduce risk.
- Report with Confidence: Communicate to key stakeholders with clear insights to quantify risk, prioritize investments, and ensure strategic alignment.
Gain visibility across the entire cyber kill chain.