%term

You're Not Watching MCPs. Anthropic's Vulnerability Shows Why You Should Be.

Apr 22, 2026 By Roey Eliyahu In Salt Security

Last week, researchers at OX Security published findings that should stop every security leader in their tracks. They discovered a critical vulnerability baked directly into Anthropic's Model Context Protocol SDK, affecting every supported language: Python, TypeScript, Java, and Rust. The result: remote code execution on any system running a vulnerable MCP implementation, with direct access to sensitive user data, internal databases, API keys, and chat histories. Over 7,000 publicly accessible servers.

Read Post

Salt Security

Read more about You're Not Watching MCPs. Anthropic's Vulnerability Shows Why You Should Be.

A Comprehensive Guide to OWASP Penetration Testing

Apr 22, 2026 By Keshav Malik In Astra

OWASP Penetration Testing is a specialized type of security testing that focuses on attack vectors and vulnerabilities listed in OWASP Top 10. An organization’s security landscape is complex, and thus it is essential to test the organization’s security measures to ensure that they are working correctly. OWASP’s (Open Web Application Security Project) compiled a list of the top 10 attacks named OWASP Top 10 for multiple technologies such as Web Applications, Cloud, Mobile Security, etc.

Read Post

Astra

Read more about A Comprehensive Guide to OWASP Penetration Testing

How Internal Scanning works: Q&A with Detectify's product expert

Apr 21, 2026 By Detectify In Detectify

Security doesn’t stop at the perimeter. The “inside” of your network often harbors many overlooked risks. To address this, ealier this year we launched Detectify Internal Scanning, designed to bring our world-class vulnerability research directly into your private ecosystems.

Read Post

Detectify

Read more about How Internal Scanning works: Q&A with Detectify's product expert

Anthropic Delays Mythos: The Implications for Your Security Stack

Apr 21, 2026 By Martin Jartelius In Outpost 24

On April 7, 2026, Anthropic fundamentally altered the AI landscape by announcing it would withhold its next-generation artificial intelligence (AI) model, Claude Mythos, from public release.

Read Post

Outpost 24

Read more about Anthropic Delays Mythos: The Implications for Your Security Stack

From Panic to Playbook: Modernizing ZeroDay Response in AppSec

Apr 21, 2026 By Shannon Davis In Mend

Why the next Log4Shell will be won or lost in the first 72 hours—and what a modern zero‑day workflow looks like. Every security team remembers where they were when Log4Shell dropped. A quiet Friday afternoon in December 2021 turned into a weekend of war rooms, emergency patches, and executive updates. Years on, the Log4j fallout still shows up in breach reports—a stubborn reminder that zero‑days don’t end when the news cycle does.

Read Post

Mend

Read more about From Panic to Playbook: Modernizing ZeroDay Response in AppSec

If "stdio" is a Vulnerability, So Is "git clone" - Notes on Riding the AI Vulnerability Trend

Apr 21, 2026 By Ben Hirschberg In ARMO

A developer clones a repository and opens it in VS Code at 10:47 a.m. Before their cursor blinks, six different configuration file formats on disk have a chance to execute shell commands on the host. A.vscode/tasks.json with runOn: folderOpen. A.devcontainer/devcontainer.json with initializeCommand. A post-checkout hook already sitting in.git/hooks/. A postinstall line waiting in package.json for the next dependency install. A.envrc in the project root.

Read Post

ARMO

Read more about If "stdio" is a Vulnerability, So Is "git clone" - Notes on Riding the AI Vulnerability Trend

CVE-2026-34839: CORS Vulnerability in Glances

Apr 20, 2026 By Ephrim Holyson In Astra

The CVE-2026-34839 was discovered during a manual analysis of the application’s API and network behavior. This flaw is very dangerous on office/home networks where Glances is commonly run, and IPs are easy to find through simple scanning.

Read Post

Astra

Read more about CVE-2026-34839: CORS Vulnerability in Glances

AI Penetration Testing: Protecting LLMs From Cyber Attacks

Apr 20, 2026 By David Ketler In Outpost 24

88% of organizations now regularly use artificial intelligence (AI) in at least one business function. While adoption of AI technologies has accelerated rapidly, security measures often lag. The rush to roll out AI has, in many cases, overshadowed essential testing and safety protocols. This is particularly a worry when AI and Large Language Models (LLMs) become deeply embedded within organizational workflows and systems in a way that most software isn’t.

Read Post

Outpost 24

Read more about AI Penetration Testing: Protecting LLMs From Cyber Attacks

Claude Mythos Just Killed Exploitability as a Security Signal

Apr 19, 2026 By Seemplicity In Seemplicity

The game has changed. For years, security teams used exploitability to decide what to patch first. If a vulnerability had a known exploit, it went to the top of the list. If not, it waited. But with the arrival of next-gen AI models like Claude Mythos, that strategy is officially broken. In this video, we discuss how Claude Mythos has collapsed the barrier to building working exploits. What used to take real skill and significant time can now be weaponized in minutes. When everything is exploitable, exploitability becomes noise.

View Video

Seemplicity

Read more about Claude Mythos Just Killed Exploitability as a Security Signal

Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mailcow

Apr 17, 2026 By Jorian Woltjer In Aikido

Mailcow is a widely used self-hosted and open source email server that hosts everything you'd need to manage mailboxes yourself. To assess its security, we set up a local instance and ran our AI pentesting agents against it. We found three XSS vulnerabilities, including a critical vulnerability that allowed unauthenticated attackers to take over administrator accounts while looking at their logs in the UI. Gaining access to a mailbox can have a serious security impact.

Read Post