Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Sample of assets impacted by NGINX nginx-poolslip vulnerability, identified by the CyCognito Platform.

AI Pentesting is having a moment. Well, several moments, actually. Every other week, another vendor announces something, or another LLM-driven pentesting tool tops some benchmark on a target nobody's heard of, another deck claims a new "gold standard" being disrupted, at long last... It's been busy.

Don't wait for KEV listing Waiting for CISA KEV may be too late. Across six months of Nucleus research, public PoCs gave defenders a median 5.5 days of runway before KEV listing, every single time.

In May 2026, Arctic Wolf observed a cluster of malicious activity affecting endpoints managed by FortiClient Endpoint Management Server (EMS). The malicious payload was disguised as a fake Fortinet endpoint patch, but it was actually a credential stealer. We named this payload EKZ Infostealer, based on internal symbol names extracted from decrypted code.

NGINX administrators are facing back-to-back emergency patch cycles. Within days of each other, two critical heap buffer overflow vulnerabilities were disclosed in the same NGINX component, both capable of crashing worker processes and enabling remote code execution on systems without ASLR. If your organization runs NGINX in any capacity, these need immediate attention.

The era of "typing into a box" is over. For years, we viewed artificial intelligence as a digital assistant—a sophisticated autocomplete tool that waited for human input. But according to Martin Kraemer, KnowBe4’s CISO Advisor for Europe and the Middle East, that dynamic has shifted. We have moved from asking AI questions to giving AI jobs. In a recent deep-dive webinar, Martin explored the transition from AI tools to AI agents.

A highly critical SQL injection vulnerability in Drupal core has raised concerns across organizations running PostgreSQL-backed Drupal environments. Tracked as CVE-2026-9082, the vulnerability affects Drupal’s database abstraction layer and can be exploited remotely without authentication. The vulnerability was disclosed through Drupal security advisory SA-CORE-2026-004 on May 20, 2026. CVE-2026-9082 is now under active exploitation.

In May 2026, security researchers at Astra identified a Stored Cross-Site Scripting (XSS) Vulnerability in the SVG attachment preview function of nfty, affecting versions up to 2.22.0. Stored Cross-Site Scripting (XSS) is a vulnerability that allows attackers to inject and permanently execute malicious scripts within a web application. If exploited, the threat actor could perform actions on behalf of the victim.

In May 2026, security researchers at Astra identified a stored Cross-Site Scripting (XSS) Vulnerability in HTML ReportGenerator, affecting versions up to 5.5.8. Cross-Site Scripting(XSS) is a general web security vulnerability that allows threat actors to inject malicious scripts into a web application. This type of vulnerability is mostly exploited to perform actions on behalf of the victim or to mine cryptocurrency.