Cheltenham, UK
2018
By James Drew
Microsoft has released an emergency out-of-band update for .NET to address a critical security vulnerability affecting ASP.NET Core applications. The issue, tracked as CVE-2026-40372, relates to improper verification of cryptographic signatures within the ASP.NET Core Data Protection framework. The vulnerability was introduced as a regression in earlier .NET 10 releases and has prompted the release of .NET 10.0.7 to mitigate the risk.
By Theklis Stefani
In April 2026, Microsoft disclosed and patched a critical remote code execution vulnerability affecting the Windows Internet Key Exchange Service Extensions. Tracked as CVE-2026-33824, the issue was addressed as part of Microsoft’s April 2026 Patch Tuesday release. The affected component forms part of the Windows IPsec and IKEv2 stack, which is widely used to provide secure network connectivity.
By Adam King
For organisations working towards SOC 2, penetration testing is often one of the more visible and scrutinised components of the audit process. While SOC 2 is not prescriptive in how controls must be implemented, it does require clear evidence that risks are identified, assessed, and addressed through effective security practices. SOC 2 penetration testing plays a key role in demonstrating this.
By Tom Keech
The JavaScript ecosystem experienced a significant supply chain incident on 31 March 2026 when two newly published Axios versions were found to contain a malicious dependency. Axios is one of the most widely used HTTP clients in both browser and Node.js environments, with weekly downloads ranging from 80 to over 100 million. The compromise impacted organisations across sectors that rely on the package for service integration and automation.
By Adam King
For organisations pursuing SOC 2, demonstrating effective security controls is central to the audit process. While the framework does not prescribe specific technologies or testing frequencies, it does require evidence that risks are identified, assessed, and mitigated through appropriate controls. This is where SOC 2 penetration testing becomes particularly relevant.
By Tim Reed
In March 2026, a critical-severity vulnerability was disclosed in the GNU InetUtils telnetd service. The flaw, tracked as CVE-2026-32746, impacts all versions up to and including InetUtils 2.7. Telnetd is a legacy remote access service that establishes interactive shell sessions over the Telnet protocol. The vulnerability enables remote, unauthenticated attackers to achieve arbitrary code execution with root privileges.
By Adam King
For SaaS providers, trust is a core part of the offering. Customers rely on software platforms to process data, support business operations, and integrate with wider technology ecosystems. As a result, demonstrating effective security and governance controls has become an increasingly important requirement when selling to enterprise customers, and SOC 2 has emerged as one of the most widely recognised frameworks for providing that product security assurance.
By Adam King
Ecommerce platforms represent one of the most consistently targeted areas of the modern digital estate. They process payment data, store personal information, integrate with logistics and marketing systems, and underpin revenue for many large businesses. The combination of financial value and sensitive data makes ecommerce security vulnerabilities an attractive target for attackers.
By James Drew
Microsoft is making a fundamental change to how outbound internet connectivity works for virtual machines within Azure Virtual Networks. From March 2026, default outbound access will be retired for new virtual networks, requiring organisations to explicitly design and configure outbound connectivity for their workloads.
By Phil Condon
OAuth is a widely used authorisation framework that allows a website or web application to request limited access to a user's account on another application. The user can grant that limited access without ever exposing their password to the requesting website or application. It is commonly seen on sites that let you log in with an existing social media, Microsoft or Google account.

Sentrium is a CREST-Approved cyber security consultancy, powered by a combination of extensive business and technical expertise that provides you with the services you need to reduce your risk.

We are committed to global cyber security advancement, equipping businesses around the world with the awareness of their technical environment so they can be secure in the ever-changing threat landscape.

Our transparent, consultative approach reaches further into your organisation’s security posture to achieve impactful, valuable results.

  • Application: Protect sensitive information stored in your web and mobile applications by meticulously identifying vulnerabilities and recommending remediations before they can be exploited.
  • Cloud: Alleviate risks to your cloud security controls with rigorous analysis, assessment and recommendations that ensure the security of your cloud environment.
  • Infrastructure: Methodically target your technology’s security controls to uncover weaknesses in your technical environment and secure your network’s infrastructure.

Securing your technology, information and people.