top of page
ALL POSTS
Criminal IP Unveils AITEM at Infosecurity Europe 2026: Next-Generation Attack Surface Management Platform
Key Findings Criminal IP introduced AITEM (AI-based Threat Exposure Management), a framework extending Attack Surface Management beyond asset discovery to include AI-driven threat prioritization, owner attribution, and remediation Traditional ASM tools excel at visibility but struggle with actionability; security teams now face a critical gap between detecting threats and responding to them effectively AI is lowering the barrier for attackers through automated scanning and pu
Jun 113 min read
CISA Updates Active Exploit Catalog: Cisco, Arista, and Chromium Vulnerabilities Added
Key Findings CISA added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring immediate remediation across federal and enterprise networks Cisco Catalyst SD-WAN Manager flaw (CVE-2026-20245) allows authenticated attackers to execute commands as root through improper input encoding Google Chromium V8 memory vulnerability (CVE-2026-11645) enables remote code execution via malicious HTML pages with a critical 8.8 CVSS score Arista EOS
Jun 102 min read
Apache HTTP/2 Critical Double-Free Vulnerability (CVE-2026-23918) Enables RCE and DoS Attacks
Key Findings Apache HTTP Server 2.4.66 contains CVE-2026-23918, a critical double-free vulnerability in HTTP/2 handling with a CVSS score of 8.8 The flaw enables both denial-of-service attacks and remote code execution under certain conditions Affected versions are patched in Apache 2.4.67 Exploitation requires minimal effort for DoS but RCE demands specific server configurations with APR mmap allocator MPM prefork mode is not affected, but HTTP/2's widespread deployment sign
May 62 min read
OpenAI Expands Cyber Defense Program: GPT-5.4-Cyber Now Available to Security Teams
Key Findings OpenAI unveiled GPT-5.4-Cyber, a cybersecurity-focused variant of its flagship GPT-5.4 model optimized for defensive security operations The company is expanding its Trusted Access for Cyber (TAC) program to thousands of individual defenders and hundreds of security teams GPT-5.4-Cyber has already contributed to over 3,000 critical and high-severity vulnerability fixes through the Codex Security application Access will be controlled through Know-Your-Customer ver
Apr 152 min read
Citrix NetScaler Critical Vulnerability Enables Unauthenticated Data Leaks - Immediate Patching Required
Key Findings Citrix released patches for two critical NetScaler vulnerabilities affecting ADC and Gateway products CVE-2026-3055 (CVSS 9.3) is a memory overread flaw allowing unauthenticated attackers to leak sensitive data from appliance memory Vulnerability only affects systems configured as SAML Identity Providers, not default configurations CVE-2026-4368 (CVSS 7.7) is a race condition causing session mix-ups in gateway and AAA server deployments No public exploits current
Mar 242 min read
bottom of page
