Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How to scan your code bases using AI for vulnerabilities with Jeff McJunkin

Join us for this week's Defender Fridays as Jeff McJunkin, Founder of Rogue Valley Information Security, walks through how he built an AI-powered pipeline to scan large codebases for real, exploitable vulnerabilities, using the Linux kernel as his proving ground. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

JPMorgan Just Published a Cyber To-Do List and Snyk Covers 8 of the 10 Items. How do you stack up?

JPMorganChase's Global Technology Leadership published "Fortifying the enterprise: 10 actions to take now for AI-ready cyber resilience" on April 17, 2026. It's a CISO mandate for every large enterprise. Snyk directly addresses 8 of those 10 actions — out of the box, in the developer workflow, with one platform.

Hardcoding Security into Every Commit: The Future of Snyk Secrets

In the modern software development lifecycle, the speed of innovation is often at odds with the security of our most sensitive data. As organizations embrace cloud-native development and AI-generated code, they face a phenomenon known as “secret sprawl”: the uncontrolled and widespread distribution of API keys, passwords, and tokens across repositories, CI/CD logs, and developer collaboration tools.

Emerging Threat: (CVE-2026-40372) ASP.NET Core Privilege Escalation via Signature Bypass

CVE-2026-40372 is an elevation of privilege vulnerability in ASP.NET Core caused by improper verification of cryptographic signatures in the Data Protection library. The flaw sits in the HMAC validation routine of the managed authenticated encryptor, where a defective comparison lets an attacker submit a forged payload that the application accepts as legitimately signed. The vulnerability carries a CVSS v3.1 base score of 8.1 (Important), as assigned by Microsoft in the official advisory.

Navigating Cyber Essentials v3.3: A Guide to Compliance

On 27 April 2026, the National Cyber Security Centre (NCSC) will officially implement Cyber Essentials v3.3, delivered through a new self-assessment question set known as Danzell, which replaces the previous Willow set. The foundational five technical controls remain the bedrock of the scheme, but this latest iteration tightens wording, scoping, and marking criteria in ways that have immediate consequences.

OWASP Defines AI Agent Risk. Behavioral Analytics Detects It

The OWASP Top 10 for Agentic Applications defines the most common AI agent risks, but real attacks unfold across multiple stages of behavior. Behavioral analytics detects those risks by modeling how users, AI agents, and their interactions change over time. By observing deviations across inputs, processing, and outputs, security operations teams can identify insider‑driven and agent‑driven threats that traditional, event‑based detection misses.

You're Not Watching MCPs. Anthropic's Vulnerability Shows Why You Should Be.

Last week, researchers at OX Security published findings that should stop every security leader in their tracks. They discovered a critical vulnerability baked directly into Anthropic's Model Context Protocol SDK, affecting every supported language: Python, TypeScript, Java, and Rust. The result: remote code execution on any system running a vulnerable MCP implementation, with direct access to sensitive user data, internal databases, API keys, and chat histories. Over 7,000 publicly accessible servers.

A Comprehensive Guide to OWASP Penetration Testing

OWASP Penetration Testing is a specialized type of security testing that focuses on the attack vectors and vulnerabilities listed in the OWASP Top 10. An organization’s security landscape is complex, and thus it is essential to test the organization’s security measures to ensure that they are working correctly. OWASP (Open Web Application Security Project) has compiled a list of the top 10 attacks, named the OWASP Top 10, for multiple technologies such as Web Applications, Cloud, Mobile Security, etc.