2026-04-17 AI Startup News

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA). To that end, the agency has added the vulnerability, tracked as CVE-2026-34197 (CVSS score: 8.8), to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by April 30, 2026. CVE-2026-34197 has been described as a case of improper input validation that could lead to code injection, effectively allowing an attacker to execute arbitrary code on susceptible installations.

According to Horizon3.ai’s Naveen Sunkavally, CVE-2026-34197 has been “hiding in plain sight” for 13 years. “An attacker can invoke a management operation through ActiveMQ’s Jolokia API to trick the broker into fetching a remote configuration file and running arbitrary OS commands,” Sunkavally added. “The vulnerability requires credentials, but default credentials (admin:admin) are common in many environments. On some versions (6.0.0–6.1.1), no credentials are required at all due to another vulnerability, CVE-2024-32114, which inadvertently exposes the Jolokia API without authentication.

In those versions, CVE-2026-34197 is effectively an unauthenticated RCE.”

The vulnerability impacts the following versions:

- Apache ActiveMQ Broker (org.apache.activemq:activemq-broker) before 5.19.4
- Apache ActiveMQ Broker (org.apache.activemq:activemq-broker) 6.0.0 before 6.2.3
- Apache ActiveMQ (org.apache.activemq:activemq-all) before 5.19.4
- Apache ActiveMQ (org.apache.activemq:activemq-all) 6.0.0 before 6.2.3

Users are advised to upgrade to version 5.19.4 or 6.2.3, which address the issue. There are currently no details on how CVE-2026-34197 is being exploited in the wild, but SAFE Security, in a report published this week, revealed that threat actors are actively targeting exposed Jolokia management endpoints in Apache ActiveMQ Classic deployments. The findings once again demonstrate that exploitation timelines continue to collapse as attackers pounce on newly disclosed vulnerabilities at an alarming pace and breach systems before they can be patched. Apache ActiveMQ is a popular target for attack, with flaws in the open-source message broker repeatedly exploited in various malware campaigns since 2021.

In August 2025, a critical vulnerability in ActiveMQ (CVE-2023-46604, CVSS score: 10.0) was weaponized by unknown actors to drop a Linux malware called DripDropper. “Given ActiveMQ’s role in enterprise messaging and data pipelines, exposed management interfaces present a high-impact risk, potentially enabling data exfiltration, service disruption, or lateral movement,” SAFE Security said. “Organizations should audit all deployments for externally accessible Jolokia endpoints, restrict access to trusted networks, enforce strong authentication, and disable Jolokia where it is not required.”

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
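The audit advice above (find externally reachable Jolokia endpoints) can also be applied retroactively to the broker’s own access logs. The following Python script is an added example, not code from the article, from SAFE Security or from the ActiveMQ project: it parses NCSA-style Jetty access log lines (format assumed), keeps only requests under /api/jolokia (ActiveMQ Classic’s Jolokia mount point, assumed here), discards those from trusted networks, and rates the rest, treating POSTs and exec/write path segments as management operations rather than plain reads. The log lines and addresses are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass

# One NCSA-style access log line as Jetty (ActiveMQ's embedded web server)
# writes it. The exact format is an assumption; adjust LOG_RE to your logger.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Mount point of the Jolokia agent in ActiveMQ Classic's web console (assumed).
JOLOKIA_PREFIX = "/api/jolokia"


@dataclass
class Finding:
    ip: str
    method: str
    path: str
    status: int
    severity: str
    reason: str


def parse_line(line):
    """Return the fields we need from one access log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {"ip": m["ip"], "method": m["method"],
            "path": m["path"], "status": int(m["status"])}


def is_trusted(ip, trusted_networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in trusted_networks)


def audit(lines, trusted_cidrs):
    """Flag Jolokia requests that reached the broker from outside the trusted networks.

    Jolokia carries management operations either as path segments of a GET
    (.../exec/..., .../write/...) or as a JSON body in a POST, so both shapes
    are treated as operations rather than plain reads.
    """
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(JOLOKIA_PREFIX):
            continue
        if is_trusted(rec["ip"], trusted):
            continue
        served = rec["status"] < 400          # 401/403 means the broker refused it
        is_operation = (rec["method"] == "POST"
                        or "/exec/" in rec["path"] or "/write/" in rec["path"])
        if is_operation:
            severity = "high" if served else "medium"
            reason = "management operation from outside trusted networks"
        else:
            severity = "medium" if served else "low"
            reason = "Jolokia endpoint reachable from outside trusted networks"
        findings.append(Finding(rec["ip"], rec["method"], rec["path"],
                                rec["status"], severity, reason))
    return findings


# Constructed sample lines; the addresses and paths are illustrative only.
SAMPLE_LOG = [
    '10.1.2.3 - - [17/Apr/2026:08:00:01 +0000] "GET /api/jolokia/version HTTP/1.1" 200 311 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [17/Apr/2026:08:02:13 +0000] "GET /api/jolokia/version HTTP/1.1" 200 311 "-" "python-requests/2.31"',
    '203.0.113.7 - - [17/Apr/2026:08:02:15 +0000] "POST /api/jolokia/ HTTP/1.1" 200 92 "-" "python-requests/2.31"',
    '198.51.100.9 - - [17/Apr/2026:08:05:40 +0000] "GET /api/jolokia/read/java.lang:type=Memory HTTP/1.1" 401 0 "-" "curl/8.0"',
    '10.1.2.3 - - [17/Apr/2026:08:06:02 +0000] "GET /admin/ HTTP/1.1" 200 4120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG, ["10.0.0.0/8"]):
        print(f"[{f.severity}] {f.ip} {f.method} {f.path} -> {f.status}: {f.reason}")
```

Requests refused with 401 or 403 still count as findings: they show that the endpoint is reachable from where it should not be, which is the exposure the report warns about regardless of which credentials are in use.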

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

Cybersecurity researchers have warned of an active malicious campaign that’s targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025. “PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent connection to the C2 server, to evade the network signature detections,” Cisco Talos researcher Chetan Raghuprasad said in a report published today. “PowMix embeds the encrypted heartbeat data along with unique identifiers of the victim machine into the C2 URL paths, mimicking legitimate REST API URLs. PowMix has the capability to remotely update the new C2 domain to the botnet configuration file dynamically.” The attack chain begins with a malicious ZIP file, likely delivered via a phishing email, to activate a multi-stage infection chain that drops PowMix.

Specifically, it involves a Windows Shortcut (LNK) that’s used to launch a PowerShell loader, which then extracts the malware embedded within the archive, decrypts it, and runs it in memory. The never-before-seen botnet is designed to facilitate remote access, reconnaissance, and remote code execution, while establishing persistence by means of a scheduled task. At the same time, it verifies the process tree to ensure that another instance of the same malware is not running on the compromised host. PowMix’s remote management logic allows it to process two different kinds of commands sent from the C2 server.

- #KILL, to initiate a self-deletion routine and wipe traces of all malicious artifacts
- #HOST, to enable C2 migration to a new server URL

Any response not prefixed with # causes PowMix to shift to arbitrary execution mode and decrypt and run the obtained payload. In parallel, it also opens a decoy document with compliance-themed lures as a distraction mechanism. The lure documents reference legitimate brands like Edeka and include compensation data and valid legislative references, potentially in an effort to enhance their credibility and trick recipients, like job aspirants.

Talos said the campaign shares some level of tactical overlap with a campaign dubbed ZipLine that was disclosed by Check Point in late August 2025 as targeting supply chain-critical manufacturing companies with an in-memory malware called MixShell. This includes the use of the same ZIP-based payload delivery, scheduled task persistence, and the abuse of Heroku for C2. That said, no final payloads have been observed beyond the botnet malware itself, leaving questions about its exact motives unanswered. “PowMix avoids persistent connections to the C2 server,” Talos said.

“Instead, it implements a jitter via the Get-Random PowerShell command to vary the beaconing intervals initially between 0 and 261 seconds, and subsequently between 1,075 and 1,450 seconds. This technique attempts to prevent detection of C2 traffic through predictable network signatures.” The disclosure comes as Bitsight sheds light on the infection chain associated with the RondoDox botnet, highlighting the malware’s evolving capabilities to illicitly mine cryptocurrency on infected systems using XMRig on top of the existing distributed denial-of-service (DDoS) attack functionality. The findings paint the picture of an actively maintained malware that offers improved evasion, better resilience, aggressive competition removal, and an expanded feature set. RondoDox is capable of exploiting over 170 known vulnerabilities in various internet-facing applications to obtain initial access and drop a shell script that performs basic anti-analysis and removes competing malware before dropping the appropriate botnet binary for the architecture.

The malware “does multiple checks and implements techniques to hinder analysis, which include the usage of nanomites, renaming/removing files, killing processes, and actively checking for debuggers during execution,” Bitsight Principal Research Scientist João Godinho said. “The bot is able to run DoS attacks at the internet, transport and application layer, depending on the command and arguments issued by the C2.”
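Talos’s description of the PowMix beaconing jitter shows what a timing-based detector has to cope with: a constant period is easy to spot, a jittered one is not, but a Get-Random draw between a fixed minimum and maximum still leaves every interval inside a tight band. The following Python is an added example (not Talos’s tooling) that labels per-destination interval series by that shape. All thresholds and the three constructed traffic series are assumptions; the second series is drawn from the 1,075–1,450 second range quoted above.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta


def gaps_seconds(timestamps):
    """Seconds between consecutive events, in time order."""
    ts = sorted(timestamps)
    return [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]


def classify(gaps, min_gaps=8, fixed_cv=0.05, max_spread=2.0, min_median=60.0):
    """Label an interval series.

    fixed-period   : a near-constant interval (classic beacon signature)
    bounded-jitter : intervals vary but stay inside a tight band, the shape a
                     Get-Random style draw between a fixed min and max produces
    irregular      : intervals spread over orders of magnitude (typical for humans)
    Thresholds are assumptions chosen for this example, not Talos's values.
    """
    if len(gaps) < min_gaps:
        return "insufficient"
    mean = statistics.fmean(gaps)
    cv = statistics.pstdev(gaps) / mean if mean > 0 else 0.0
    if cv < fixed_cv:
        return "fixed-period"
    # A zero gap (two events in the same second) makes the band unbounded below,
    # so it is treated as irregular rather than dividing by zero.
    if (min(gaps) > 0 and max(gaps) / min(gaps) <= max_spread
            and statistics.median(gaps) >= min_median):
        return "bounded-jitter"
    return "irregular"


def find_beacons(connections):
    """connections: iterable of (timestamp, src, dst). Returns {(src, dst): label}."""
    series = defaultdict(list)
    for ts, src, dst in connections:
        series[(src, dst)].append(ts)
    return {pair: classify(gaps_seconds(times)) for pair, times in series.items()}


def _from_gaps(start, src, dst, gaps):
    """Build constructed connection records from a start time and a list of gaps."""
    records, t = [(start, src, dst)], start
    for g in gaps:
        t = t + timedelta(seconds=g)
        records.append((t, src, dst))
    return records


START = datetime(2026, 4, 17, 9, 0, 0)
# Constructed traffic: one host beaconing every 300 s, one drawing intervals from
# the 1,075-1,450 s band quoted in the article, and one ordinary user session.
CONNECTIONS = (
    _from_gaps(START, "10.0.0.11", "c2-fixed.invalid", [300] * 11)
    + _from_gaps(START, "10.0.0.12", "c2-jitter.invalid",
                 [1100, 1420, 1210, 1380, 1090, 1445, 1260, 1330, 1175, 1400])
    + _from_gaps(START, "10.0.0.13", "intranet.invalid",
                 [5, 900, 30, 7200, 120, 15, 3600, 45, 10, 2400])
)

if __name__ == "__main__":
    for (src, dst), label in find_beacons(CONNECTIONS).items():
        print(f"{src} -> {dst}: {label}")
```

The point of the second label is that a coefficient-of-variation test alone is what the jitter is designed to slip past, while the ratio of the longest to the shortest interval stays small for any draw from a fixed range, so a detector that looks at the band rather than the period keeps its footing.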

You know that feeling when you open your feed on a Thursday morning and it’s just… a lot? Yeah. This week delivered.

We’ve got hackers getting creative in ways that are almost impressive if you ignore the whole “crime” part, ancient vulnerabilities somehow still ruining people’s days, and enough supply chain drama to fill a season of television nobody asked for. Not all bad though. Some threat actors got exposed with receipts, a few platforms finally tightened things up, and there’s research in here that’s genuinely worth your time. Grab your coffee and keep scrolling.

Targeted wallet breach: Zerion Hack Likely Linked to North Korea

Cryptocurrency wallet service Zerion has disclosed that one of its team members’ devices was compromised, resulting in the theft of approximately $100K from internal company hot wallets. The company noted that user funds, Zerion apps, and infrastructure were not impacted by the breach. The team member is said to have been the target of an artificial intelligence (AI)-enabled social engineering attack carried out by a North Korean threat actor tracked as UNC1069. The hacking group was recently attributed to the poisoning of the popular Axios npm package.

“This allowed the attacker to gain access to some of the team members’ logged-in sessions and credentials as well as private keys to company hot wallets used for testing and internal purposes,” Zerion said. “This was not an opportunistic attack. The actor is clearly sophisticated and well-resourced. They planned the attack thoroughly.”

Anonymous age checks: E.U. Plans Bloc-Wide Age Verification App

The European Union has announced that it will soon roll out a new online age verification app to allow users to prove their age when accessing online platforms. Users can set it up by downloading the app on their Android or iOS device using a passport or ID card. The Commission has emphasized that the app will respect users’ privacy. “Users will prove their age without revealing any other personal information,” President of the European Commission Ursula von der Leyen said.

“Put simply, it is completely anonymous: users cannot be tracked. Third, the app works on any device – phone, tablet, computer, you name it. And, finally, it is fully open source – everyone can check the code.” The development comes as countries around the world are undertaking various stages of regulatory action to keep cyberspace a safer place for children and minors and protect them from serious harm.

New Defender zero-day: BlueHammer Author Releases RedSun Exploit

A researcher using the alias “Chaotic Eclipse” released a zero-day exploit called BlueHammer earlier this month following Microsoft’s handling of the vulnerability disclosure process.

Although the issue appears to have been fixed as of this month’s Patch Tuesday release (CVE-2026-33825), the researcher has since disclosed a new unpatched Microsoft Defender privilege escalation vulnerability. The exploit has been codenamed RedSun. “This works 100% reliably to go from unprivileged user to SYSTEM against Windows 11 and Windows Server with April 2026 updates, as well as Windows 10, as long as you have Windows Defender enabled,” security researcher Will Dormann said.

Legacy Excel RCE active: 17-Year-Old Critical Excel Flaw Under Exploit

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added an old remote code execution vulnerability impacting Microsoft Office to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the shortcoming by April 28, 2026. The vulnerability in question is CVE-2009-0238, which has a CVSS score of 8.8. “Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object,” CISA said.

sudo now requires password: Raspberry Pi Disables Passwordless sudo

Raspberry Pi has released version 6.2 of its Raspberry Pi OS, which introduces one significant change: it disables passwordless sudo by default.

As a result, users who run a sudo command for administrator-level access will be prompted to enter the current user’s password. The change affects only new installations; existing setups are untouched. “Given the ever-increasing threat of cybercrime, we continually review the security of Raspberry Pi OS to ensure it is sufficiently robust to withstand potential attacks,” Raspberry Pi said . “This is always a tricky balance, as anything that makes the operating system more secure will invariably inconvenience legitimate users to some extent, so we try to keep such changes to a minimum.

This particular security update is one that many users may not even notice, but it will affect some.”

Stealth C2 frameworks uncovered: ObsidianStrike and ArchangelC2 Frameworks Discovered

A previously undocumented command-and-control (C2) framework dubbed ObsidianStrike has been deployed on infrastructure belonging to a Brazilian law firm. “Only two instances of ObsidianStrike exist on the entire internet,” Breakglass Intelligence said. “The framework has zero presence on GitHub, zero samples on VirusTotal or MalwareBazaar, and near-zero vendor detection. This is a fully private, Portuguese-language C2 built for targeted Windows operations, hidden behind a victim organization’s domain.” Also discovered by the security vendor is ArchangelC2, a C2 panel behind an industrial-scale ScreenConnect remote-access fraud campaign that has been operational since November 2024.

Fake app drains $9.5M: Apple Removes Fake Ledger App

A fake Ledger app managed to slip onto the Apple App Store, draining $9.5 million in cryptocurrency from more than 50 victims between April 7 and April 13, 2026. The app, named Ledger Live, was released by a developer, “SAS Software Company,” and published under “Leva Heal Limited.” Users who downloaded the fraudulent app were tricked into entering their seed phrases, giving attackers full access to their wallets and allowing them to send digital assets to external addresses under their control. While Apple has since removed the macOS app from the store, questions remain as to how it managed to pass the company’s review process. In more Apple-related news, the company has also removed a data harvesting app called Freecash from its App Store after it was deceptively advertised as a way to “make money just by scrolling TikTok,” while collecting sensitive information from users.

This included details about a user’s race, religion, sex life, sexual orientation, health, and other biometrics. Once installed, however, instead of the promised functionality, users were routed to a roster of mobile games where they were offered cash rewards for completing time-limited in-game challenges. The app continues to be available on the Google Play Store.

Localized ransomware campaign: Turkey Targeted by JanaWare Ransomware

Cybercriminals are using a new ransomware strain called JanaWare to target people in Turkey, according to Acronis.

The attack leverages phishing emails containing a Google Drive link that paves the way for the download and subsequent execution of a malicious JAR file via javaw.exe. The payload is a customized Adwind (aka AlienSpy, jRAT, or Sockrat) variant with polymorphic characteristics that’s used to deliver the ransomware module. The malware implements geofencing and environment filtering to ensure that the compromised systems match the Turkish language and region. While none of these tricks are particularly novel or advanced, they continue to work against unprotected small targets.

It’s unclear how many people or businesses might have fallen prey to the scheme. The low-stakes, localized approach has allowed the campaign to persist since at least 2020 without any major disruption. “Victimology appears to primarily include home users and small to medium-sized businesses. Initial access is assessed to occur via phishing emails delivering malicious Java archives,” the company said.

“Ransom demands observed in analyzed samples range from $200–$400, consistent with a low-value, high-volume monetization approach.”

Crackdown on navigation abuse: Google Takes Aim at Back Button Hijacking

Google said it’s introducing a new spam policy for “back button hijacking,” which occurs when a site interferes with a user’s browser navigation and prevents them from using their back button to immediately get back to the page they came from. Instead, the hijack could redirect users to sketchy sites or other pages they have never visited before. “Back button hijacking interferes with the browser’s functionality, breaks the expected user journey, and results in user frustration,” Google said. “Pages that are engaging in back button hijacking may be subject to manual spam actions or automated demotions, which can impact the site’s performance in Google Search results.

To give site owners time to make any needed changes, we’re publishing this policy two months in advance of enforcement on June 15, 2026.”

Stealth cloud credential theft: APT41 Uses New Credential Stealer

The China-linked hacking group known as APT41 has been attributed to an undetectable, purpose-built ELF backdoor targeting Linux cloud workloads across Amazon Web Services (AWS), Google Cloud, Microsoft Azure, and Alibaba Cloud environments. “The implant uses SMTP port 25 as a covert command-and-control channel, harvests cloud provider credentials and metadata, and phones home to three Alibaba-themed typosquat domains hosted on Alibaba Cloud infrastructure in Singapore,” Breakglass Intelligence said. “A selective C2 handshake validation mechanism renders the server invisible to conventional scanning tools like Shodan and Censys.”

RDP phishing hardening: Microsoft Debuts New Protections Against Malicious RDP Files

Starting with the April 2026 security update (CVE-2026-26151), Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (RDP) files, adding security warnings and turning off redirections by default. “Malicious actors misuse this capability by sending RDP files through phishing emails,” Microsoft said.

“When a victim opens the file, their device silently connects to a server controlled by the attacker and shares local resources, giving the attacker access to files, credentials, and more.” Russian hacking groups like APT29 have weaponized RDP configuration files to target Ukrainian government agencies, enterprises, and military entities in the past.

Plugin supply chain breach: WordPress Plugin Suite Poisoned After Acquisition to Push Malware

Unknown threat actors have staged a supply chain attack on the WordPress plugin maker Essential Plugin (formerly WP Online Support): after acquiring it from the original developers in early 2025 in a six-figure deal, they planted a backdoor in August and weaponized it early this month to distribute malicious payloads to any website with the plugins installed. WordPress has since permanently closed all the plugins. “The plugin’s wpos-analytics module had phoned home to analytics.essentialplugin.com, downloaded a backdoor file called wp-comments-posts.php (designed to look like the core file wp-comments-post.php), and used it to inject a massive block of PHP into wp-config.php,” Anchor Hosting said.
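Returning to the RDP-file item above: the local resources an .rdp file hands to the remote host are spelled out in the file itself, so a mail gateway or endpoint tool can inspect such attachments before a user opens one. The Python below is an added example, not Microsoft’s implementation: it parses the name:type:value lines of an .rdp file, flags a target host or RD gateway outside an approved list, and flags every enabled redirection setting. The setting names are the documented RDP file settings (assumed here to be the relevant ones); the approved host and both sample files are constructed.

```python
import re

# An .rdp file is a list of "name:type:value" lines; type is s (string) or i (integer).
RDP_LINE = re.compile(r'^(?P<name>[^:]+):(?P<type>[si]):(?P<value>.*)$')

# Settings that hand local resources to the remote host. Drawn from the documented
# RDP file settings, not from the article (assumed to be the ones that matter here).
REDIRECT_SETTINGS = (
    "drivestoredirect", "redirectdrives", "redirectclipboard", "redirectprinters",
    "redirectsmartcards", "redirectcomports", "usbdevicestoredirect", "devicestoredirect",
)


def parse_rdp(text):
    """Return {setting name: (type, value)} for every well-formed line."""
    settings = {}
    for raw in text.splitlines():
        m = RDP_LINE.match(raw.strip())
        if m:
            settings[m["name"].strip().lower()] = (m["type"], m["value"].strip())
    return settings


def redirection_enabled(type_, value):
    # Integer flags are on unless 0; string forms ("*" or a device list) are on when non-empty.
    if type_ == "i":
        return value not in ("", "0")
    return value != ""


def target_host(settings):
    """Host part of 'full address' (the value may carry a :port suffix)."""
    value = settings.get("full address", ("s", ""))[1]
    host, sep, port = value.rpartition(":")
    return (host if sep and port.isdigit() else value).lower()


def assess(text, trusted_hosts):
    """List the reasons an .rdp file should not be opened without a second look."""
    s = parse_rdp(text)
    trusted = {h.lower() for h in trusted_hosts}
    findings = []
    host = target_host(s)
    if host and host not in trusted:
        findings.append(f"connects to non-approved host {host}")
    gateway = s.get("gatewayhostname", ("s", ""))[1].lower()
    if gateway and gateway not in trusted:
        findings.append(f"uses non-approved RD gateway {gateway}")
    for name in REDIRECT_SETTINGS:
        if name in s and redirection_enabled(*s[name]):
            findings.append(f"{name} enabled ({s[name][1] or 'on'})")
    return findings


TRUSTED = ["rds.corp.example"]     # constructed allow-list of sanctioned RDP hosts

# Constructed files. The first resembles a mailed lure: external host, every
# redirection on. The second is what a sanctioned connection file looks like.
SUSPICIOUS_RDP = """\
screen mode id:i:2
full address:s:203.0.113.50:3389
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:1
redirectsmartcards:i:1
usbdevicestoredirect:s:*
"""

BENIGN_RDP = """\
screen mode id:i:2
full address:s:rds.corp.example:3389
drivestoredirect:s:
redirectclipboard:i:0
redirectprinters:i:0
"""

if __name__ == "__main__":
    for label, text in (("suspicious", SUSPICIOUS_RDP), ("benign", BENIGN_RDP)):
        print(label, assess(text, TRUSTED) or ["no findings"])
```

An empty drivestoredirect value and integer flags set to 0 are the shape Microsoft’s new defaults produce; any file that turns them back on while pointing at a host outside the allow-list is the combination the quote above describes.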

“The injected code was sophisticated. It fetched spam links, redirects, and fake pages from a command-and-control server. It only showed the spam to Googlebot, making it invisible to site owners.” In addition, it resolved the command-and-control (C2) domain through an Ethereum smart contract to make it resilient to takedown efforts. Prior to their removal, the plugins collectively had more than 180,000 installs.

“This is a classical case of supply chain compromise that happened because the original vendor sold their plugins to a third-party, which turned out to be a malicious threat actor,” Patchstack said.

Sanctioned crypto market persists: Xinbi Guarantee Continues to Operate on Telegram

Telegram has continued to host Xinbi Guarantee, an illicit marketplace that has processed over $21 billion in total transaction volume, despite sanctions issued by the U.K. last month. The development has raised questions about the platform’s willingness to police its own ecosystem and suspend bad actors.

The Chinese-language bazaar is known to offer money laundering solutions to cryptocurrency scammers, harassment services, and products like electrified batons and tasers that cater to investment scams operating out of Southeast Asia. “Xinbi is still going strong,” Elliptic’s cofounder and chief scientist, Tom Robinson, told WIRED. “They’re on track to become the largest market of this kind that has ever existed.”

Malvertising leads to ransomware: SmokedHam Backdoor Leads to Qilin Ransomware

Orange Cyberdefense has revealed that threat actors used malvertising in three separate incidents observed between early February and early April 2026 to deliver the SmokedHam (aka Parcel RAT, SharpRhino, and WorkersDevBackdoor) backdoor by masquerading it as installers for RVTools or Remote Desktop Manager (RDM). The malware is assessed to be a modified version of the open-source trojan known as ThunderShell.

In at least one case, the attack led to the deployment of Qilin ransomware, but not before dropping employee monitoring and remote desktop solutions like Controlio, TeraMind, and Zoho Assist for persistent access, exfiltrating KeePass password databases, and conducting discovery and lateral movement. The adoption of legitimate dual-use tools is a concerning trend as it allows attackers to blend their actions into legitimate activity and reduce the risk of detection. The activity has been attributed with medium confidence to UNC2465, an affiliate of DarkSide, LockBit, and Hunters International. It also overlaps with a campaign detailed by Synacktiv and Field Effect in early 2025.

APT lineage link uncovered: Water Hydra Remains Active in 2026

New research has discovered that the threat actor known as Water Hydra (aka DarkCasino) is still active in 2026, with new evidence uncovering a previously unreported connection between evilgrou-tech, a commodity operator, and the hacking group. “The handle ‘evilgrou’ is assessed with moderate confidence to be a deliberate reference to EvilNum (Evil + [num -> grou]p), the predecessor APT group from which WaterHydra/DarkCasino splintered in late 2022,” Breakglass Intelligence said. The strongest attribution indicator is a shared developer workspace path embedded in binaries associated with EvilNum and Water Hydra: “C:\Users\Administrator\Desktop\vaeeva\shellrundll.tlb.” These two artifacts are separated by two years, one in July 2022 and the other in January 2024.

Scientific software RCE risk: Security Flaws in HDF5 Software

Cybersecurity researchers have disclosed security flaws in HDF5 software, a file format used to manage, process, and store heterogeneous data, that could be exploited to compromise a vulnerable system.

“The discovered vulnerabilities, based on a stack buffer overflow, could allow threat actors to overwrite memory and compromise target systems for stealing highly classified research data, industrial espionage, or a foothold into the internal network,” ThreatLeap’s co-founder, Leon Juranic, said. “In practice, this means the vulnerability could be exploited by a single specially crafted malicious input file and, as a result, an entire system could get compromised.” The issues were addressed in October 2025 following responsible disclosure.

Brute-force surge on edge devices: Surge in Brute-Force Attacks Targeting SonicWall and FortiGate Devices

Security researchers have detected a “sharp rise” in brute-force attempts to hijack SonicWall and FortiGate devices between January and March 2026, with the vast majority (88%) appearing to originate from the Middle East. Most attempts were unsuccessful, either blocked outright by security tools or directed at invalid usernames.

“Attackers are aggressively scanning and testing perimeter devices for weak or exposed credentials,” Barracuda Networks said. “Even when attacks fail, persistent probing raises the risk that a single weak password or misconfiguration could lead to compromise.”

Fraud network evades sanctions: Triad Nexus Uses Front Companies to Avoid Sanctions

Triad Nexus, a sprawling cybercrime ecosystem acting as the backbone of scams, money laundering, and illicit gambling operations since at least 2020, has been observed using geographic fencing and laundering its infrastructure through “clean” front companies to acquire accounts at major enterprise cloud providers (Amazon, Cloudflare, Google, and Microsoft) in an attempt to distance itself from Funnull, a Philippines-based company that was sanctioned by the U.S. last year. Simultaneously, the group has expanded into the Spanish, Vietnamese, and Indonesian markets using localized templates to target these regions.

Besides engaging in fraud, the group specializes in high-fidelity brand impersonation, weaponizing the digital identities of Global 2000 companies to dupe victims. “The network has industrialized brand theft on a global scale; its catalog includes ‘pixel-perfect’ clones of everything from high-end luxury goods to public services,” Silent Push said. “Despite federal sanctions in 2025, the group has reinstated its global fraud engine, shifting its focus toward emerging markets while maintaining a persistent threat to Western enterprise assets.” Triad Nexus is estimated to be responsible for over $200 million in reported losses, primarily fueled by pig butchering and virtual currency scams.

That’s a wrap for this week.

If anything here made you pause, good. Go check your patches, side-eye your dependencies, and maybe don’t trust that app just because it’s sitting in an official store. The basics still matter more than most people want to admit. We’ll be back next Thursday with whatever fresh chaos the internet cooks up.

Until then, stay sharp and keep your logs close. See you on the other side.

[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment

In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching.

For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, and OAuth grants. When projects end or employees leave, most of these stay active. Fully privileged. Completely unmonitored.

Attackers don’t need to break in. They just pick up the keys you left out. Join our upcoming webinar where we’ll show you how to find and eliminate these “Ghost Identities” before they become a back door for hackers. AI agents and automated workflows are multiplying these credentials at a pace security teams can’t manually track.

Many carry admin-level access they never needed. One compromised token can give an attacker lateral movement across your entire environment, and the average dwell time for these intrusions is over 200 days. Traditional IAM wasn’t built for this. It manages people.

It ignores machines. What we’ll walk you through in this session:

- How to run a full discovery scan of every non-human identity in your environment
- A framework for right-sizing permissions across service accounts and AI integrations
- An automated lifecycle policy so dead credentials get revoked before attackers find them
- A ready-to-use Identity Cleanup Checklist you’ll get during the live session

This isn’t a product demo. It’s a working playbook you can take back to your team the same week. Don’t let hidden keys compromise your data.

We’re hosting a live session to walk you through securing these non-human identities step-by-step. 📅 Save Your Spot Today: Register for the Webinar Here.

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service. The details of the vulnerabilities are below:

- CVE-2026-20184 (CVSS score: 9.8): An improper certificate validation vulnerability in the integration of single sign-on (SSO) with Control Hub in Webex Services that could allow an unauthenticated, remote attacker to impersonate any user within the service and gain unauthorized access to legitimate Cisco Webex services.
- CVE-2026-20147 (CVSS score: 9.9): An insufficient validation of user-supplied input vulnerability in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow an authenticated, remote attacker in possession of valid administrative credentials to achieve remote code execution by sending crafted HTTP requests.
- CVE-2026-20180 and CVE-2026-20186 (CVSS scores: 9.9): Multiple insufficient validation of user-supplied input vulnerabilities in ISE that could allow an authenticated, remote attacker in possession of read-only admin credentials to execute arbitrary commands on the underlying operating system of an affected device by sending crafted HTTP requests.

“A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root,” Cisco said in an advisory for CVE-2026-20147, CVE-2026-20180, and CVE-2026-20186. “In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.” CVE-2026-20184 requires no customer action as it’s cloud-based. However, customers who are using SSO are advised to upload a new identity provider (IdP) SAML certificate to Control Hub.

The remaining vulnerabilities have been addressed in the following versions:

CVE-2026-20147
- Cisco ISE or ISE-PIC Release earlier than 3.1: Migrate to a fixed release
- Cisco ISE Release 3.1: 3.1 Patch 11
- Cisco ISE Release 3.2: 3.2 Patch 10
- Cisco ISE Release 3.3: 3.3 Patch 11
- Cisco ISE Release 3.4: 3.4 Patch 6
- Cisco ISE Release 3.5: 3.5 Patch 3

CVE-2026-20180 and CVE-2026-20186
- Cisco ISE Release earlier than 3.2: Migrate to a fixed release
- Cisco ISE Release 3.2: 3.2 Patch 8
- Cisco ISE Release 3.3: 3.3 Patch 8
- Cisco ISE Release 3.4: 3.4 Patch 4
- Cisco ISE Release 3.5: Not vulnerable

While Cisco noted that it is not aware of any of these shortcomings being exploited in the wild, it’s essential that users update their instances to the latest version for optimal protection.

Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu

A bank approved a Taboola pixel. That pixel quietly redirected logged-in users to a Temu tracking endpoint. This occurred without the bank’s knowledge, without user consent, and without a single security control registering a violation. Read the full technical breakdown in the Security Intelligence Brief.

The “First-Hop Bias” Blind Spot

Most security stacks, including WAFs, static analyzers, and standard CSPs, share a common failure mode: they evaluate the declared origin of a script, not the runtime destination of its request chain. If sync.taboola.com is in your Content Security Policy (CSP) allow-list, the browser considers the request legitimate. However, it does not re-validate against the terminal destination of a 302 redirect. By the time the browser reaches temu.com, it has inherited the trust granted to Taboola.

The Forensic Trace

During a February 2026 audit of a European financial platform, Reflectiz identified the following redirect chain executing on logged-in account pages:

- Initial Request: A GET request to https://sync.taboola.com/sg/temurtbnative-network/1/rtb/.
- The Redirect: The server responded with a 302 Found, redirecting the browser to https://www.temu.com/api/adx/cm/pixel-taboola?….
- The Payload: The redirect included the critical header Access-Control-Allow-Credentials: true. This header marks the cross-origin exchange with Temu’s domain as credentialed, so cookies travel with the request.

This is the mechanism by which Temu can read or write tracking identifiers against a browser it now knows visited an authenticated banking session.

Why Conventional Tools Missed It

Tool            | Why it Fails
WAF             | Inspects inbound traffic only; misses outbound browser-side redirects.
Static Analysis | Sees the Taboola code in the source but cannot predict runtime 302 destinations.
CSP Allow-lists | Trust is transitive; the browser follows the redirect chain automatically once the first hop is approved.
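The check the table says conventional tools lack is a runtime one: walk the redirect chain a browser actually followed and compare every hop, not just the first, against the allow-list. The script below does that offline over a captured chain. It is an added example, not code from Reflectiz or from the article; the bank origin, the allow-list, the Temu query string and the second-hop response are constructed stand-ins, and host matching follows CSP host-source rules (exact host, or a `*.` prefix that covers subdomains only).

```python
"""Offline audit of a captured redirect chain against a CSP-style host allow-list.

Added example, not code from Reflectiz or the article. The chain below is
constructed from the hops described in the text; the Temu query string and the
bank origin are placeholders.
"""
from urllib.parse import urljoin, urlsplit

# Constructed inputs: the page origin and the hosts the CSP allow-list names.
PAGE_ORIGIN = "https://bank.example"          # placeholder for the banking site
ALLOW_LIST = ["bank.example", "sync.taboola.com"]

# Constructed chain: each entry is the response the browser received for one
# hop; the first request URL is given separately and later URLs are derived
# from Location headers the way a browser derives them.
FIRST_URL = "https://sync.taboola.com/sg/temurtbnative-network/1/rtb/"
SAMPLE_RESPONSES = [
    {"status": 302, "headers": {
        "location": "https://www.temu.com/api/adx/cm/pixel-taboola?cb=PLACEHOLDER",
        "access-control-allow-credentials": "true"}},
    {"status": 200, "headers": {"content-type": "image/gif"}},
]


def host_allowed(host: str, allow_list: list) -> bool:
    """CSP host-source matching: an exact host, or '*.example.com', which covers
    subdomains but not example.com itself."""
    for entry in allow_list:
        if entry.startswith("*."):
            suffix = entry[1:]                       # ".example.com"
            if host.endswith(suffix) and host != suffix[1:]:
                return True
        elif host == entry:
            return True
    return False


def audit_chain(first_url: str, responses: list, allow_list: list, page_origin: str) -> list:
    """Walk the chain hop by hop and report:
    - hops whose host the allow-list does not cover (the first hop passes; later
      hops are only reached by following redirects), and
    - cross-origin hops that ask the browser to attach credentials."""
    page_host = urlsplit(page_origin).hostname
    findings = []
    url = first_url
    for index, resp in enumerate(responses):
        host = (urlsplit(url).hostname or "").lower()
        headers = {k.lower(): v for k, v in resp["headers"].items()}
        if not host_allowed(host, allow_list):
            findings.append({"hop": index, "host": host, "issue": "host not in allow-list"})
        if host != page_host and headers.get("access-control-allow-credentials", "").lower() == "true":
            findings.append({"hop": index, "host": host, "issue": "credentialed cross-origin response"})
        location = headers.get("location")
        if 300 <= resp["status"] < 400 and location:
            url = urljoin(url, location)             # a relative Location resolves against the hop URL
    return findings


def run_sample() -> list:
    """Audit the constructed chain; yields two findings for the sample data."""
    return audit_chain(FIRST_URL, SAMPLE_RESPONSES, ALLOW_LIST, PAGE_ORIGIN)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

On the constructed chain the first hop is allow-listed, so a first-hop check reports nothing; the audit instead flags the credentialed cross-origin 302 on the Taboola hop and the unapproved www.temu.com host on the second hop. Feeding it real HAR or proxy captures from authenticated pages is the point: the input is the chain the browser followed, not the vendor list that was approved.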

The Regulatory Fallout

For regulated entities, the absence of direct credential theft does not limit the compliance exposure. Users were never informed their banking session behavior would be associated with a tracking profile held by PDD Holdings — a transparency failure under GDPR Art. 13. The routing itself involves infrastructure in a non-adequate country, and without Standard Contractual Clauses covering this specific fourth-party relationship, the transfer is unsupported under GDPR Chapter V.

“We didn’t know the pixel did that” is not a defense available to a data controller under Art. 24. The PCI DSS exposure compounds this. A redirect chain terminating at an unanticipated fourth-party domain falls outside the scope of any review that evaluated only the primary vendor — which is precisely what Req. 6.4.3 was written to close.

Inspect Runtime, Not Just Declarations

Right now, the same Taboola pixel configuration runs on thousands of websites. The question isn’t whether redirect chains like this are happening. They are.

The question is whether your security stack can see past the first hop — or whether it stops at the domain you approved and calls it done. For security teams: inspect runtime behavior, not just declared vendor lists. For legal and privacy teams: browser-level tracking chains on authenticated pages warrant the same rigor as backend integrations. The threat entered through the front door. Your CSP let it in. The full technical evidence log is in the Security Intelligence Brief.

This article is a contributed piece from one of our valued partners.

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

A “novel” social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors. Dubbed REF6598 by Elastic Security Labs, the activity has been found to leverage elaborate social engineering tactics through LinkedIn and Telegram to breach both Windows and macOS systems, approaching prospective individuals on the professional social network under the guise of a venture capital firm and then moving the conversation to a Telegram group where several purported partners are present. The Telegram group chat is engineered to lend the operation a smidgen of credibility, with the members discussing topics related to financial services and cryptocurrency liquidity solutions. The target is then instructed to use Obsidian to access what appears to be a shared dashboard by connecting to a cloud-hosted vault using the credentials provided to them.

It’s this vault that triggers the infection sequence. As soon as the vault is opened in the note-taking application, the target is asked to enable “Installed community plugins” sync, effectively causing malicious code to be executed. “The threat actors abuse Obsidian’s legitimate community plugin ecosystem, specifically the Shell Commands and Hider plugins, to silently execute code when a victim opens a shared cloud vault,” researchers Salim Bitam, Samir Bousseaden, and Daniel Stepanic said in a technical breakdown of the campaign. Given that the option is disabled by default and cannot be remotely turned on, the attacker must convince the target to manually toggle the community plugin sync on their device so that the malicious vault configuration can trigger the execution of commands through the Shell Commands plugin.

Also used in conjunction with Shell Commands is another plugin named Hider to hide certain user interface elements of Obsidian, such as status bar, scrollbar, tooltips, and others. “While this attack requires social engineering to cross the community plugin sync boundary, the technique remains notable: it abuses a legitimate application feature as a persistence and command execution channel, the payload lives entirely within JSON configuration files that are unlikely to trigger traditional AV [antivirus] signatures, and execution is handed off by a signed, trusted Electron application, making parent-process-based detection the critical layer,” the researchers said. Dedicated execution paths are activated depending on the operating system. On Windows, the commands are used to invoke a PowerShell script to drop an intermediate loader codenamed PHANTOMPULL that decrypts and launches PHANTOMPULSE in memory.

PHANTOMPULSE is an artificial intelligence (AI)-generated backdoor that uses the Ethereum blockchain for resolving its command-and-control (C2) server by fetching the latest transaction associated with a hard-coded wallet address. Upon obtaining the C2 address, the malware uses WinHTTP for communications, allowing it to send system telemetry data, fetch commands and transmit the execution results, upload files or screenshots, and capture keystrokes. The supported commands are designed to facilitate comprehensive remote access -
- inject, to inject shellcode/DLL/EXE into a target process
- drop, to drop a file to disk and execute it
- screenshot, to capture and upload a screenshot
- keylog, to start/stop a keylogger
- uninstall, to initiate removal of persistence and perform cleanup
- elevate, to escalate privileges to SYSTEM via the COM elevation moniker
- downgrade, to transition from SYSTEM to elevated admin

On macOS, the Shell Commands plugin delivers an obfuscated AppleScript dropper that iterates over a hard-coded domain list, while employing Telegram as a dead drop resolver for fallback C2 resolution. This approach also offers added flexibility as it makes it possible to easily rotate C2 infrastructure, rendering domain-based blocking insufficient.

In the final step, the dropper script contacts the C2 domain to download and execute a second-stage payload via osascript. The exact nature of this payload remains unknown given that the C2 servers are currently offline. The intrusion was ultimately unsuccessful, as the attack was detected and blocked before the adversary could accomplish their goals on the infected machine. “REF6598 demonstrates how threat actors continue to find creative initial access vectors by abusing trusted applications and employing targeted social engineering,” Elastic said.

“By abusing Obsidian’s community plugin ecosystem rather than exploiting a software vulnerability, the attackers bypass traditional security controls entirely, relying on the application’s intended functionality to execute arbitrary code.”

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted government bodies and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data from Chromium-based web browsers and WhatsApp. The activity, which was observed between March and April 2026, has been attributed to a threat cluster dubbed UAC-0247. The origins of the campaign are presently unknown. According to CERT-UA, the starting point of the attack chain is an email message claiming to be a humanitarian aid proposal, urging recipients to click on a link that redirects to either a legitimate website compromised via a cross-site scripting (XSS) vulnerability or a bogus site created with help from artificial intelligence (AI) tools.

Regardless of what the site is, the goal is to download and run a Windows Shortcut (LNK) file, which then executes a remote HTML Application (HTA) using the native Windows utility “mshta.exe.” The HTA file, for its part, displays a decoy form to divert the victim’s attention, while simultaneously fetching a binary responsible for injecting shellcode into a legitimate process (e.g., “runtimeBroker.exe”). “At the same time, recent campaigns have recorded the use of a two-stage loader, the second stage of which is implemented using a proprietary executable file format (with full support for code and data sections, import of functions from dynamic libraries, and relocation), and the final payload is additionally compressed and encrypted,” CERT-UA said. One of the stagers is a TCP reverse shell (or equivalent), tracked as RAVENSHELL, which establishes a TCP connection with a management server to receive commands for execution on the host using “cmd.exe.” Also downloaded to the infected machine are a malware family dubbed AGINGFLY and a PowerShell script referred to as SILENTLOOP that comes with several functions to execute commands, auto-update its configuration, obtain the current IP address of the management server from a Telegram channel, and fall back to alternative mechanisms for determining the command-and-control (C2) address. Developed using C#, AGINGFLY is engineered to provide remote control of the affected systems.

It communicates with a C2 server using WebSockets to fetch commands that allow it to run commands, launch a keylogger, download files, and run additional payloads. An investigation of about a dozen incidents has revealed that these attacks facilitate reconnaissance, lateral movement, and the theft of credentials and other sensitive data from WhatsApp and Chromium-based browsers. This is accomplished by deploying various open-source tools, such as those listed below -
- ChromElevator, a program designed to bypass Chromium’s app-bound encryption (ABE) protections and harvest cookies and saved passwords
- ZAPiXDESK, a forensic extraction tool to decrypt local databases for WhatsApp Web
- RustScan, a network scanner
- Ligolo-Ng, a lightweight utility to establish tunnels from reverse TCP/TLS connections
- Chisel, a tool for tunneling network traffic over TCP/UDP
- XMRig, a cryptocurrency miner

The agency said there is evidence suggesting that representatives of the Defense Forces of Ukraine may also have been targeted as part of the campaign. This is based on the distribution of malicious ZIP archives via Signal that are designed to drop AGINGFLY using the DLL side-loading technique.

To mitigate the risk associated with the threat and minimize the attack surface, it’s recommended to restrict the execution of LNK, HTA, and JS files, along with legitimate utilities such as “mshta.exe,” “powershell.exe,” and “wscript.exe.”
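Both this campaign and the Obsidian one in the previous article hand execution to a signed, trusted parent (mshta.exe launched with a remote URL here; the Obsidian Electron binary spawning a shell or osascript there), which is why Elastic calls parent-process-based detection the critical layer. The rules below express both patterns over constructed process-creation events. This is an added example, not Elastic's or CERT-UA's detection content; the hostnames, paths and command lines are constructed, and the `.invalid` domain is a placeholder.

```python
"""Parent-process detection for two execution patterns: Obsidian handing
execution to an interpreter, and mshta.exe given a remote HTA.

Added example, not Elastic's or CERT-UA's rules; every event below is
constructed, and the URL host is a reserved placeholder domain.
"""
import re

# Shells and script hosts a note-taking application has no reason to launch.
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "sh", "bash", "zsh", "osascript"}
OBSIDIAN_IMAGES = {"obsidian.exe", "obsidian"}       # Windows and macOS binary names


def basename(path: str) -> str:
    """Last path component, lower-cased, for either path separator."""
    return re.split(r"[\\/]", path)[-1].lower()


def evaluate(event: dict) -> list:
    """Return the names of the rules an event matches (empty list if benign)."""
    parent, image, cmdline = basename(event["parent"]), basename(event["image"]), event["cmdline"]
    hits = []
    # Rule 1: the signed Electron app spawns a shell or script host directly.
    if parent in OBSIDIAN_IMAGES and image in INTERPRETERS:
        hits.append("obsidian-spawns-interpreter")
    # Rule 2: mshta.exe is given a URL, i.e. a remote HTA rather than a local file.
    if image == "mshta.exe" and re.search(r"https?://", cmdline, re.IGNORECASE):
        hits.append("mshta-remote-hta")
    return hits


def scan(events: list) -> list:
    """Run every event through the rules; return (host, image, rule) per hit."""
    return [(e["host"], basename(e["image"]), rule) for e in events for rule in evaluate(e)]


# Constructed events in the shape an EDR process-creation feed provides.
SAMPLE_EVENTS = [
    {"host": "ws01", "parent": r"C:\Users\alice\AppData\Local\Obsidian\Obsidian.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -File vault-sync.ps1"},
    {"host": "mac02", "parent": "/Applications/Obsidian.app/Contents/MacOS/Obsidian",
     "image": "/usr/bin/osascript", "cmdline": "osascript /Users/bob/Library/sync.scpt"},
    {"host": "ws03", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe https://aid-form.invalid/form.hta"},
    # Benign: Electron renderer processes are children of the same binary.
    {"host": "ws01", "parent": r"C:\Users\alice\AppData\Local\Obsidian\Obsidian.exe",
     "image": r"C:\Users\alice\AppData\Local\Obsidian\Obsidian.exe",
     "cmdline": "Obsidian.exe --type=renderer"},
    # Benign: mshta.exe with a local file and no URL on the command line.
    {"host": "ws04", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r"mshta.exe C:\Program Files\Vendor\setup.hta"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

The first rule deliberately ignores the command line: the payload in the Obsidian case lives in JSON configuration, so the parent-child relationship is the stable signal. The second rule is the process-level counterpart of CERT-UA's advice to restrict mshta.exe; where outright blocking is not possible, alerting on a URL argument catches the remote-HTA step while leaving locally installed HTA applications alone.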

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. “By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery vehicles for persistent remote access,” Cisco Talos researchers Sean Gallagher and Omid Mirzaei said in an analysis published today. N8n is a workflow automation platform that allows users to connect various web applications, APIs, and AI model services to sync data, build agentic systems, and run repetitive rule-based tasks. Users can register for a developer account at no extra cost to use a managed cloud-hosted service and run automation workflows without having to set up their own infrastructure. Doing so, however, creates a unique custom domain that goes by the format – .app.n8n.cloud – from where a user can access their applications.

The platform also supports the ability to create webhooks to receive data from apps and services when certain events are triggered. This makes it possible to initiate a workflow after receiving certain data. The data, in this case, is sent via a unique webhook URL. According to Cisco Talos, it’s these URL-exposed webhooks – which make use of the same *.app.n8n[.]cloud subdomain – that have been abused in phishing attacks as far back as October 2025. “A webhook, often referred to as a ‘reverse API,’ allows one application to provide real-time information to another. These URLs register an application as a ‘listener’ to receive data, which can include programmatically pulled HTML content,” Talos explained.

“When the URL receives a request, the subsequent workflow steps are triggered, returning results as an HTTP data stream to the requesting application. If the URL is accessed via email, the recipient’s browser acts as the receiving application, processing the output as a web page.” What makes this significant is that it opens a new door for threat actors to propagate malware while maintaining a veneer of legitimacy by giving the impression that they are originating from a trusted domain. Threat actors have wasted no time taking advantage of the behavior to set up n8n webhook URLs for malware delivery and device fingerprinting. The volume of email messages containing these URLs in March 2026 is said to have been about 686% higher than in January 2025.

In one campaign observed by Talos, threat actors have been found to embed an n8n-hosted webhook link in emails that claimed to be a shared document. Clicking the link takes the user to a web page that displays a CAPTCHA, which, upon completion, activates the download of a malicious payload from an external host. “Because the entire process is encapsulated within the JavaScript of the HTML document, the download appears to the browser to have come from the n8n domain,” the researchers noted. The end goal of the attack is to deliver an executable or an MSI installer that serves as a conduit for modified versions of legitimate Remote Monitoring and Management (RMM) tools like Datto and ITarian Endpoint Management, and use them to establish persistence by establishing a connection to a command-and-control (C2) server.

A second prevalent case concerns the abuse of n8n for fingerprinting. Specifically, this entails embedding in emails an invisible image or tracking pixel that’s hosted on an n8n webhook URL. As soon as the digital missive is opened via an email client, it automatically sends an HTTP GET request to the n8n URL along with tracking parameters, like the victim’s email address, thereby enabling the attackers to identify them. “The same workflows designed to save developers hours of manual labor are now being repurposed to automate the delivery of malware and fingerprinting devices due to their flexibility, ease of integration, and seamless automation,” Talos said.

“As we continue to leverage the power of low-code automation, it’s the responsibility of security teams to ensure these platforms and tools remain assets rather than liabilities.”
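Both abuse cases Talos describes leave the same artifact in the message: a reference to a `*.app.n8n.cloud` host, either as a clickable link or as an invisible image whose URL carries tracking parameters. The triage below extracts those references from message HTML so a mail-security pipeline can classify them. It is an added example, not Cisco Talos code; the sample message, the `acme-ops` subdomain, the `/webhook/` path segment and the parameter values are constructed, and matching is on the host suffix only, as the analysis above describes.

```python
"""Triage of message HTML for n8n-hosted webhook links and tracking pixels.

Added example, not Cisco Talos code. The sample message is constructed; the
subdomain and the webhook path segment are placeholders, and only the host
suffix is used for matching.
"""
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

N8N_HOST_SUFFIX = ".app.n8n.cloud"   # managed-cloud host pattern named in the analysis


class _RefCollector(HTMLParser):
    """Collect every <a href> and <img src> together with its attributes."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a" and a.get("href"):
            self.refs.append(("a", a["href"], a))
        elif tag == "img" and a.get("src"):
            self.refs.append(("img", a["src"], a))


def triage_email(html: str) -> list:
    """Return one finding per n8n-hosted reference: clickable link, remote image,
    or 1x1 tracking pixel, with the names of the query parameters it carries."""
    collector = _RefCollector()
    collector.feed(html)
    findings = []
    for tag, url, attrs in collector.refs:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if not host.endswith(N8N_HOST_SUFFIX):
            continue
        tiny = (attrs.get("width", "").strip() in ("0", "1")
                or attrs.get("height", "").strip() in ("0", "1"))
        if tag == "a":
            kind = "link"                  # the "shared document" lure
        elif tiny:
            kind = "tracking-pixel"        # fires a GET on open, with tracking parameters
        else:
            kind = "remote-image"
        findings.append({"kind": kind, "host": host,
                         "tracking_params": sorted(parse_qs(parts.query))})
    return findings


# Constructed message body: a shared-document lure plus a tracking pixel.
SAMPLE_EMAIL = """
<p>A document has been shared with you.</p>
<a href="https://acme-ops.app.n8n.cloud/webhook/PLACEHOLDER-ID">Open document</a>
<img src="https://acme-ops.app.n8n.cloud/webhook/PLACEHOLDER-PIXEL?email=alice%40example.com&cid=42"
     width="1" height="1" alt="">
<a href="https://docs.example.com/help">Help</a>
"""

if __name__ == "__main__":
    for finding in triage_email(SAMPLE_EMAIL):
        print(finding)
```

The parameter names are reported rather than their values so the triage output can be logged without copying the recipient address into another system. A mail gateway would feed the rendered HTML part of each message through `triage_email` and, at minimum, strip or rewrite `tracking-pixel` references and wrap `link` references in a click-time check.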

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security. “The nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message,” according to an advisory released by nginx-ui maintainers last month.

“While /mcp requires both IP whitelisting and authentication (AuthRequired() middleware), the /mcp_message endpoint only applies IP whitelisting – and the default IP whitelist is empty, which the middleware treats as ‘allow all.’” “This means any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering automatic config reloads - achieving complete nginx service takeover.” According to Pluto Security researcher Yotam Perkal, who identified and reported the flaw, the attack can facilitate a full takeover in seconds via two requests -
- An HTTP GET request to the /mcp endpoint to establish a session and obtain a session ID.
- An HTTP POST request to the /mcp_message endpoint using the session ID to invoke any MCP tool sans authentication.

The session establishment step requires authentication, but an attacker can pull it off by exploiting a separate vulnerability in nginx-ui versions prior to 2.3.3 (CVE-2026-27944, CVSS score: 9.8), which exposes the encryption keys required to decrypt backups without authentication via the “/api/backup” endpoint. An unauthenticated attacker could weaponize this issue to download a full system backup and extract sensitive data, including user credentials, SSL private keys, Nginx configurations, and a query parameter called “node_secret” that’s used to authenticate the MCP interface. This “node_secret” value can be passed to the HTTP GET request to receive the session ID, which is then used to issue commands through “/mcp_message” without further authentication.

In other words, attackers can exploit this vulnerability by sending specially crafted HTTP requests directly to the “/mcp_message” endpoint without any authentication headers or tokens. Successful exploitation of the flaw could enable them to invoke MCP tools and modify Nginx configuration files and reload the server. Furthermore, an attacker could exploit this loophole to intercept all traffic and harvest administrator credentials. Following responsible disclosure, the vulnerability was addressed in version 2.3.4 , released on March 15, 2026.

As workarounds, users are advised to add “middleware.AuthRequired()” to the “/mcp_message” endpoint to force authentication. Alternatively, it’s advised to change the IP allowlisting default behavior from “allow-all” to “deny-all.” The disclosure comes as Recorded Future, in a report published this week, listed CVE-2026-33032 as one of the 31 vulnerabilities that have been actively exploited by threat actors in March 2026. There are currently no insights on the exploitation activity associated with the security flaw.

“When you bolt MCP onto an existing application, the MCP endpoints inherit the application’s full capabilities but not necessarily its security controls. The result is a backdoor that bypasses every authentication mechanism the application was carefully built with,” Perkal said. Data from Shodan shows that there are about 2,689 exposed instances on the internet, with most of them located in China, the U.S., Indonesia, Germany, and Hong Kong. “Given the approximately 2,600 publicly reachable nginx-ui instances our researchers identified, the risk to unpatched deployments is immediate and real,” Pluto told The Hacker News. “Organizations running nginx-ui should treat this as an emergency: update to version 2.3.4 immediately, or disable MCP functionality and restrict network access as an interim measure.” News of CVE-2026-33032 follows the discovery of two security flaws in the Atlassian MCP server (“mcp-atlassian”) that could chained to achieve remote code execution.

The flaws – tracked as CVE-2026-27825 (CVSS 9.1) and CVE-2026-27826 (CVSS 8.2) and dubbed MCPwnfluence – enable any attacker on the same local network to run arbitrary code on a vulnerable machine without requiring any authentication. “When chaining both vulnerabilities – we are able to send requests to the MCP from the LAN [local area network], redirect the server to the attacker machine, upload an attachment, and then receive a full unauthenticated RCE from the LAN,” Pluto Security said.
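The nginx-ui advisory names two independent defects: one endpoint skips the authentication middleware, and an empty IP allow-list is read as "allow all". The two workarounds quoted above address exactly those two points, and the weak and corrected gates are easier to compare side by side than in prose. The following is an added example, not nginx-ui's code: it models the two endpoints and the two allow-list semantics in plain Python with a placeholder secret, and the status codes and the `Request` shape are this example's own.

```python
"""Weak and corrected versions of an IP-allowlist gate in front of management
endpoints. Added example, not nginx-ui's code: it re-creates the two failure
conditions the advisory names (one endpoint without AuthRequired, and an empty
allow-list read as "allow all") in plain Python, with a placeholder secret.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

NODE_SECRET = "PLACEHOLDER-NODE-SECRET"   # constructed stand-in for the real credential


@dataclass
class Request:
    path: str
    client_ip: str
    token: Optional[str] = None           # credential presented by the caller, if any


def ip_allowed_weak(ip: str, allow_list: list) -> bool:
    """Weak semantics: an empty allow-list means everyone is allowed."""
    if not allow_list:
        return True
    return any(ip_address(ip) in ip_network(net) for net in allow_list)


def ip_allowed_strict(ip: str, allow_list: list) -> bool:
    """Corrected semantics: an empty allow-list denies everyone."""
    return any(ip_address(ip) in ip_network(net) for net in allow_list)


def auth_required(req: Request) -> bool:
    """Stand-in for the AuthRequired() middleware: the caller must hold the secret."""
    return req.token == NODE_SECRET


def route_vulnerable(req: Request, allow_list: list) -> int:
    """Before: /mcp checks IP and credentials; /mcp_message checks IP only,
    and with the default (empty) allow-list that check always passes."""
    if req.path == "/mcp":
        if not ip_allowed_weak(req.client_ip, allow_list):
            return 403
        return 200 if auth_required(req) else 401
    if req.path == "/mcp_message":
        return 200 if ip_allowed_weak(req.client_ip, allow_list) else 403
    return 404


def route_fixed(req: Request, allow_list: list) -> int:
    """After: both endpoints require an allow-listed IP and a valid credential,
    and an empty allow-list defaults to deny."""
    if req.path not in ("/mcp", "/mcp_message"):
        return 404
    if not ip_allowed_strict(req.client_ip, allow_list):
        return 403
    return 200 if auth_required(req) else 401


if __name__ == "__main__":
    anonymous = Request("/mcp_message", "203.0.113.7")
    print("vulnerable:", route_vulnerable(anonymous, []))   # 200 with no credential
    print("fixed:     ", route_fixed(anonymous, []))        # 403: empty list denies
```

The deny-by-default change on its own is not enough: with a populated allow-list, any host inside the listed network could still reach `/mcp_message` without credentials under the old routing, which is why the fixed router applies both checks to both endpoints rather than relying on either one.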

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April’s Patch Tuesday releases. Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business Warehouse ( CVE-2026-27681 , CVSS score: 9.9) that could result in the execution of arbitrary database commands. “The vulnerable ABAP program allows a low-privileged user to upload a file with arbitrary SQL statements that will then be executed,” Onapsis said in an advisory. In a potential attack scenario, a bad actor could abuse the affected upload-related functionality to run malicious SQL against BW/BPC data stores, extract sensitive data, and delete or corrupt database content.

“Manipulated planning figures, broken reports, or deleted consolidation data can undermine close processes, executive reporting, and operational planning,” Pathlock said . “In the wrong hands, this issue also creates a credible path to both stealthy data theft and overt business disruption.” Another security vulnerability that deserves a mention is a critical-severity remote code execution in Adobe Acrobat Reader ( CVE-2026-34621 , CVSS score: 8.6) that has come under active exploitation in the wild. That said, there are many unknowns at this stage. It is not clear how many people have been affected by the hacking campaign.

Nor is there any information about who is behind the activity, who is being targeted, and what their motives could be. Also patched by Adobe are five critical flaws in ColdFusion versions 2025 and 2023 that, if successfully exploited, could lead to arbitrary code execution, application denial-of-service, arbitrary file system read, and security feature bypass. The vulnerabilities are listed below -
- CVE-2026-34619 (CVSS score: 7.7) - A path traversal vulnerability leading to security feature bypass
- CVE-2026-27304 (CVSS score: 9.3) - An improper input validation vulnerability leading to arbitrary code execution
- CVE-2026-27305 (CVSS score: 8.6) - A path traversal vulnerability leading to arbitrary file system read
- CVE-2026-27282 (CVSS score: 7.5) - An improper input validation vulnerability leading to security feature bypass
- CVE-2026-27306 (CVSS score: 8.4) - An improper input validation vulnerability leading to arbitrary code execution

Fixes have also been released for two critical FortiSandbox vulnerabilities that could result in authentication bypass and code execution -
- CVE-2026-39813 (CVSS score: 9.1) - A path traversal vulnerability in the FortiSandbox JRPC API that could allow an unauthenticated attacker to bypass authentication via specially crafted HTTP requests. (Fixed in versions 4.4.9 and 5.0.6)
- CVE-2026-39808 (CVSS score: 9.1) - An operating system command injection vulnerability in FortiSandbox that could allow an unauthenticated attacker to execute unauthorized code or commands via crafted HTTP requests. (Fixed in version 4.4.9)

The development comes as Microsoft addressed a staggering 169 security defects, including a spoofing vulnerability impacting Microsoft SharePoint Server (CVE-2026-32201, CVSS score: 6.5) that could allow an attacker to view sensitive information. The company said it’s being actively exploited, although there are no insights into the in-the-wild exploitation associated with the bug. “SharePoint services, especially those used as internal document stores, can be a treasure trove for threat actors looking to steal data, especially data that may be leveraged to force ransom payments using double extortion techniques by threatening to release the stolen data if payment is not made,” Kev Breen, senior director of threat research at Immersive, said. “A secondary concern is that threat actors with access to SharePoint services could deploy weaponised documents or replace legitimate documents with infected versions that would allow them to spread to other hosts or victims moving laterally across the organization.”

Software Patches from Other Vendors

In addition to Microsoft, security updates have also been released by other vendors over the past several weeks to rectify several vulnerabilities, including — ABB, Amazon Web Services, AMD, Apple, ASUS, AVEVA, Broadcom (including VMware), Canon, Cisco, Citrix, CODESYS, D-Link, Dassault Systèmes, Dell, Devolutions, dormakaba, Drupal, Elastic, F5, Fortinet, Foxit Software, FUJIFILM, Gigabyte, GitLab, Google Android and Pixel, Google Chrome, Google Cloud, Grafana, Hitachi Energy, HP, HP Enterprise (including Aruba Networking and Juniper Networks), Huawei, IBM, Ivanti, Jenkins, Lenovo, Linux distributions (AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and Ubuntu), MediaTek, Mitel, Mitsubishi Electric, MongoDB, Moxa, Mozilla (Firefox, Firefox ESR, and Thunderbird), NETGEAR, Node.js, NVIDIA, ownCloud, Palo Alto Networks, Phoenix Contact, Progress Software, QNAP, Qualcomm, Rockwell Automation, Ruckus Wireless, Samsung, Schneider Electric, Siemens, SonicWall, Splunk, Spring Framework, Supermicro, Synology, TP-Link, WatchGuard, and Xiaomi.

Deterministic + Agentic AI: The Architecture Exposure Validation Requires

Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera’s AI Security and Exposure Report 2026 reflects that momentum: every CISO surveyed reported that AI is already in use across their organizations. Security testing is inevitably part of that shift.

Modern environments are too dynamic, and attack techniques too variable, for purely static testing logic to remain sufficient on its own. Adaptive payload generation, contextual interpretation of controls, and real-time execution adjustments are necessary to get closer to how attackers, and increasingly their own AI agents, operate. For experienced security teams, the need to incorporate AI into testing is no longer in question. You have to fight fire with fire.

What is less obvious is how AI should be integrated into a validation platform. A growing number of tools are being built as fully agentic systems, where AI reasoning governs execution from end to end. The appeal is clear. Greater autonomy can expand exploration depth, reduce reliance on predefined attack logic, and allow a system to adapt fluidly to complex environments.

The question is not whether that capability is impressive. It is whether that model is the right fit for structured security programs that depend on repeatability, controlled retesting, and measurable outcomes.

Intelligence Needs Guardrails

In many AI-driven applications, variability is not a problem; it’s a feature. A coding assistant might generate several valid solutions to the same problem, each taking a slightly different approach.

A research model may explore multiple lines of reasoning before arriving at an answer. That probabilistic behavior expands creativity and discovery, and in many use cases it adds value. When the goal is to benchmark performance and measure change over time, however, consistency matters. The same variability that can be useful for exploration introduces risk when it comes to testing security controls.

If the methodology behind the testing shifts between each run, it becomes impossible to validate whether your security actually improved, or whether the system simply approached the problem differently. AI should still reason dynamically. Context-aware payload generation, adaptive sequencing, and environmental interpretation bring validation closer to how modern attacks actually unfold. But in a fully agentic model, that reasoning governs execution from start to finish, meaning the techniques used during a test can change between runs as the system makes different decisions along the way.

Human-in-the-loop models attempt to address this by introducing oversight. Analysts can review decisions, approve actions, and guide execution, improving safety and control of the testing process. But this does not resolve the underlying issue of repeatability. The system remains probabilistic.

Given the same starting conditions, AI can still generate different sequences of actions depending on how it reasons through the problem at that moment. As a result, ensuring consistency shifts to the human, increasing manual effort and reducing the value of the offering. A hybrid approach handles this differently. Deterministic logic defines how attack chains are executed, creating a stable structure for testing.

AI then enhances that process by adapting payloads, interpreting environmental signals, and adjusting techniques based on what it encounters. That distinction matters in practice. When a privilege escalation technique is identified, it can be replayed under the same conditions. After remediation is completed, the same sequence can be run again to validate whether the exposure remains.

If the exploitable gap is gone, it means the issue was fixed, not that the testing engine simply approached it differently. This is not about constraining intelligence. It is about anchoring it. AI strengthens validation when it enhances a stable execution model rather than redefining it on every run.

From Testing Events to Continuous Validation

The methodology behind security testing matters most when validation becomes continuous. Instead of running isolated tests once or twice a year, teams are now testing weekly, and often daily, to retest remediation, benchmark security controls, and track exposure across environments over time. In practice, teams cannot audit the reasoning behind every test to verify that the methodology was the same. They need to trust that the platform applies a consistent testing model so that the change they see in the results reflects real changes in the environment.

That process depends on both consistency and adaptability. Attack methodology must be structured enough to replay under controlled conditions, while still adapting to changes in the environment. A hybrid model enables both. Deterministic orchestration preserves stable baselines for measurement, while AI adapts execution to reflect the realities of the environment being tested.

This hybrid model serves as the foundation of Pentera’s exposure validation platform . At its core is a deterministic attack engine that structures and executes attack chains with consistent logic, enabling stable baselines and controlled retesting. Developed over years of research by Pentera Labs , it powers the broadest and deepest attack library in the industry. This foundation allows Pentera to reliably audit and repeat adversarial techniques while providing the guardrails and decision-making framework that keep AI-driven execution controlled and measurable.

AI then enhances that deterministic foundation by adapting techniques in response to environmental signals and real-world conditions, allowing validation to remain realistic without sacrificing consistency. For exposure validation, the answer is not deterministic or agentic. It is both. Note: This article was written by Noam Hirsch, Product Marketing Manager, Pentera.

This article is a contributed piece from one of our valued partners.