wp2shell chains a REST API batch-route confusion flaw with a SQL injection in WordPress core’s WP_Query, letting an unauthenticated attacker run code on a default install and take over the site.
A missing authentication flaw in on-premises Microsoft SharePoint Server lets an unauthenticated attacker escalate privileges over the network, a zero-day Microsoft confirms is already under active exploitation.
I sat down with Gadi Evron, CEO of Knostic and CISO-in-Residence for AI at the Cloud Security Alliance, to talk about why the assumptions behind most security programs are breaking, and what defenders do now that agents changed the game.
A missing authentication check in Apache Tomcat lets attackers bypass GSSAPI-bound directory logins, gaining unauthorized access to any application behind that Realm.
Today we’re announcing continuous AI pentesting. It runs always-on across your full external surface, using AI agents to spot overlooked weaknesses, reason through context, and chain the multi-step moves a skilled adversary would. It has already uncovered real exposures in live environments. Here’s how it works.
Most organisations don’t know what’s on their external attack surface. Richard Stiennon joins our CEO Rob Gurzeev to unpack why attackers always find what defenders miss, and how AI is making that gap harder to close.
The instinctive reaction to Mythos is: we need to patch faster. That instinct is understandable. It is also exactly the wrong frame. The real question isn’t how many CVEs are in your queue. It’s how many of your exposed assets can actually be exploited right now, by anyone with an API key and an afternoon.
The latest GigaOm Radar for Attack Surface Management highlights the shift from inventory to contextual prioritization and actionable validation across 32 vendors. CyCognito was named a Leader for the third year in a row and, for the first time, an Outperformer.
Modern security frameworks often fail by surfacing endless vulnerabilities without context. This blog explores how the CTEM framework’s Validation stage provides “permission to ignore” theoretical risks, allowing teams to focus engineering resources exclusively on confirmed, evidence-based, and exploitable threats.