Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How Internal Scanning works: Q&A with Detectify's product expert

Security doesn’t stop at the perimeter. The “inside” of your network often harbors many overlooked risks. To address this, earlier this year we launched Detectify Internal Scanning, designed to bring our world-class vulnerability research directly into your private ecosystems.

From Panic to Playbook: Modernizing ZeroDay Response in AppSec

Why the next Log4Shell will be won or lost in the first 72 hours—and what a modern zero‑day workflow looks like. Every security team remembers where they were when Log4Shell dropped. A quiet Friday afternoon in December 2021 turned into a weekend of war rooms, emergency patches, and executive updates. Years on, the Log4j fallout still shows up in breach reports—a stubborn reminder that zero‑days don’t end when the news cycle does.

If "stdio" is a Vulnerability, So Is "git clone" - Notes on Riding the AI Vulnerability Trend

A developer clones a repository and opens it in VS Code at 10:47 a.m. Before their cursor blinks, six different configuration file formats on disk have a chance to execute shell commands on the host. A .vscode/tasks.json with runOn: folderOpen. A .devcontainer/devcontainer.json with initializeCommand. A post-checkout hook already sitting in .git/hooks/. A postinstall line waiting in package.json for the next dependency install. A .envrc in the project root.

AI Penetration Testing: Protecting LLMs From Cyber Attacks

88% of organizations now regularly use artificial intelligence (AI) in at least one business function. While adoption of AI technologies has accelerated rapidly, security measures often lag. The rush to roll out AI has, in many cases, overshadowed essential testing and safety protocols. This is particularly a worry when AI and Large Language Models (LLMs) become deeply embedded within organizational workflows and systems in a way that most software isn’t.

Claude Mythos Just Killed Exploitability as a Security Signal

The game has changed. For years, security teams used exploitability to decide what to patch first. If a vulnerability had a known exploit, it went to the top of the list. If not, it waited. But with the arrival of next-gen AI models like Claude Mythos, that strategy is officially broken. In this video, we discuss how Claude Mythos has collapsed the barrier to building working exploits. What used to take real skill and significant time can now be weaponized in minutes. When everything is exploitable, exploitability becomes noise.

Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mailcow

Mailcow is a widely used self-hosted and open source email server that hosts everything you'd need to manage mailboxes yourself. To assess its security, we set up a local instance and ran our AI pentesting agents against it. We found three XSS vulnerabilities, including a critical vulnerability that allowed unauthenticated attackers to take over administrator accounts while looking at their logs in the UI. Gaining access to a mailbox can have a serious security impact.

CVE-2026-34197: Apache ActiveMQ Jolokia RCE Vulnerability

Apache ActiveMQ Classic, widely used as a messaging backbone in enterprise environments, carries a high-severity vulnerability tracked as CVE-2026-34197. What makes this particularly alarming is its roots. The underlying behavior enabling this vulnerability has existed for nearly 13 years, silently present across countless enterprise deployments.

Windows IKE Service Extensions Vulnerability Enables Remote Code Execution (CVE-2026-33824)

In April 2026, Microsoft disclosed and patched a critical remote code execution vulnerability affecting the Windows Internet Key Exchange Service Extensions. Tracked as CVE-2026-33824, the issue was addressed as part of Microsoft’s April 2026 Patch Tuesday release. The affected component forms part of the Windows IPsec and IKEv2 stack, which is widely used to provide secure network connectivity.