Vulnerability Management

So much of appsec’s efforts can be consumed by vuln management and a race to patch security flaws. But that’s more a symptom of the ease of scanning and the volume of CVEs. Erik Nost walks through the principles behind proactive security, why the concept sounds familiar to secure by design, and why organizations still struggle with creating effecti...

Enterprises ship code continuously, while most security validation still happens in snapshots. In this interview, Novee CEO and co-founder Ido Geffen explains what “AI penetration testing” actually means, why it’s different from automated scanning, and why it’s becoming essential as attackers adopt AI to move faster and continuously. He then breaks...

AI-driven pen-testing tools replicate the red-teaming process by mapping attack paths, changing techniques and validating vulnerabilities.

CVE-2026-33017 could enable an unauthenticated attacker to execute arbitrary Python code on the server.

Intrusions exploiting the high-severity stored cross-site scripting flaw in Zimbra Collaboration, tracked as CVE-2025-66376, have been launched against Ukraine by a Russian advanced persistent threat operation suspected to be APT28, also known as Fancy Bear, Sofacy Group, BlueDelta, and STRONTIUM, according to Security Affairs.

The "PolyShell" vulnerability stems from how Magento's REST API handles file uploads for cart item custom options.

The most severe vulnerability, tracked as CVE-2026-22557, impacts UniFi Network application versions 10.1.85 and earlier.

Macbeth, Ahab, Peewee Herman, Microsoft, Zoom, Vibe Hacking, SharePoint, Meta, AgeID, Josh Marpet, and More on this episode of the Security Weekly News.