|
By Adam King
AI-assisted development tools are changing how software is built. From code generation and automated testing to rapid prototyping and full-stack application scaffolding, Large Language Models (LLMs) are increasingly being used to accelerate software delivery across startups, SaaS providers, and engineering teams. In many cases, these tools are delivering genuine operational value.
|
By Adam King
As organisations continue integrating AI capabilities into customer-facing applications, internal tooling, and operational workflows, the security implications of these systems are becoming increasingly important. Large Language Models (LLMs), AI assistants, and automated decision-making features are now appearing across SaaS platforms, support systems, and enterprise applications, often connected directly to sensitive data and business processes.
|
By Adam King
Understanding the difference between penetration testing and vulnerability assessment is an important part of building an effective security programme. While the terms are often used interchangeably, they serve distinct purposes and provide different types of insight into an organisation’s risk profile. For technology-led organisations, particularly those operating complex SaaS platforms or cloud environments, both approaches have a role to play.
|
By Phil Condon
In late April 2026, a critical authentication bypass vulnerability was disclosed in cPanel and WHM, tracked as CVE-2026-41940. The issue affects the login flow of these widely deployed hosting control panels and allows a remote, unauthenticated attacker to gain administrative access. Given the prevalence of cPanel across shared and dedicated hosting environments, the vulnerability represents a significant management plane risk.
|
By James Drew
Microsoft has released an emergency out of band update for.NET to address a critical security vulnerability affecting ASP.NET Core applications. The issue, tracked as CVE-2026-40372, relates to improper verification of cryptographic signatures within the ASP.NET Core Data Protection framework. The vulnerability was introduced as a regression in earlier.NET 10 releases and has prompted the release of.NET 10.0.7 to mitigate risk.
|
By Theklis Stefani
In April 2026, Microsoft disclosed and patched a critical remote code execution vulnerability affecting the Windows Internet Key Exchange Service Extensions. Tracked as CVE-2026-33824, the issue was addressed as part of Microsoft’s April 2026 Patch Tuesday release. The affected component forms part of the Windows IPsec and IKEv2 stack, which is widely used to provide secure network connectivity.
|
By Adam King
For organisations working towards SOC 2, penetration testing is often one of the more visible and scrutinised components of the audit process. While SOC 2 is not prescriptive in how controls must be implemented, it does require clear evidence that risks are identified, assessed, and addressed through effective security practices. SOC 2 penetration testing plays a key role in demonstrating this.
|
By Tom Keech
The JavaScript ecosystem experienced a significant supply chain incident on 31 March 2026 when two newly published Axios versions were found to contain a malicious dependency. Axios is one of the most widely used HTTP clients in both browser and Node.js environments, with weekly downloads ranging from 80 to over 100 million. The compromise impacted organisations across sectors that rely on the package for service integration and automation.
|
By Adam King
For organisations pursuing SOC 2, demonstrating effective security controls is central to the audit process. While the framework does not prescribe specific technologies or testing frequencies, it does require evidence that risks are identified, assessed, and mitigated through appropriate controls. This is where SOC 2 penetration testing becomes particularly relevant.
|
By Tim Reed
In March 2026, a critical severity vulnerability was disclosed in the GNU InetUtils telnetd service. The flaw, tracked as CVE-2026-32746, impacts all versions up to and including InetUtils 2.7. Telnetd is a legacy remote access service that establishes interactive shell sessions over the Telnet protocol. The vulnerability enables remote unauthenticated attackers to achieve arbitrary code execution with root privileges.
- May 2026 (4)
- April 2026 (3)
- March 2026 (6)
- February 2026 (7)
- January 2026 (5)
- December 2025 (6)
- November 2025 (4)
- October 2025 (3)
- September 2025 (2)
- May 2024 (1)
- April 2024 (3)
- March 2024 (2)
- February 2024 (3)
- January 2024 (2)
- November 2023 (1)
- June 2023 (1)
- November 2022 (1)
- October 2022 (1)
- July 2022 (1)
- June 2022 (1)
- January 2022 (1)
- November 2021 (2)
- October 2021 (3)
- September 2021 (2)
- July 2021 (1)
- June 2021 (2)
- May 2021 (2)
- April 2021 (1)
- January 2021 (1)
Sentrium is a CREST-Approved cyber security consultancy, powered by a combination of extensive business and technical expertise that provides you with the services you need to reduce your risk.
We are committed to global cyber security advancement, equipping businesses around the world with the awareness of their technical environment so they can be secure in the ever-changing threat landscape.
Our transparent, consultative approach reaches further into your organisation’s security posture to achieve impactful, valuable results.
- Application: Protect sensitive information stored in your web and mobile applications by meticulously identifying vulnerabilities and recommending remediations before they can be exploited.
- Cloud: Alleviate risks to your cloud security controls with rigorous analysis, assessment and recommendations that ensure the security of your cloud environment.
- Infrastructure: Methodically target your technology’s security controls to uncover weaknesses in your technical environment and secure your network’s infrastructure.
Securing your technology, information and people.