We're at Gartner Security and Risk Management Summit… are you? 👋
Come meet us at Booth 440!
Let's talk AI-driven security validation, how to find and fix your exposures fast, and what it takes to stay ahead of attackers in 2026.
National Harbor, MD, Booth #440
Every good London trip has a final destination. 🐐
For Pax, it's this one.
Pentera at Infosecurity Europe, Booth F70. June 2–4 | ExCeL London
Come find us. Let's talk AI-powered security testing and fixing.
Pax has already found the best way to open Infosec with one week to go 🐐🌅
And he's saving you a spot.
Join us for Tech on the Thames: The Infosec Happy Hour, an official Infosecurity Europe event with drinks, great company, and the best view in London.
2 June | 4:30 PM | Sunborn Yacht, London
Don't miss the boat…literally. ⚓
👉 https://t.co/5jr1hr7JWs
London calling 💂🏻♂️ We're answering.
Pentera is heading to Infosecurity London, June 2-4 at ExCeL London. Pax, the proactive cyber defender GOAT, will be at Booth F70.
AI is accelerating attacks, and the only way to stay ahead is by validating your security controls work. Come see how Pentera helps you test continuously, validate your exposures, and fix them fast.
🔹Pentera Peer - turns complex offensive security testing into an interactive dialogue in natural language
🔹AI Security Insights - analyzes your latest 8 reports to identify trends and transforms validated attack data into prioritized, role-specific decisions and remediation actions
🔹AI-Based Web Attacks - an AI-enhanced attack engine that automatically generates and chains real exploit paths across your live web environment, adapting payloads and execution paths based on live application behavior and responses
Security just got a lot smarter. Come see it live.
📍 Booth F70 📅 June 2-4 | ExCeL London
A developer tool on your network just became a remote attack vector 🌐
Pentera Labs researcher Nir Chako discovered CVE-2026-34045 in Podman Desktop, a tool with 3M+ downloads and a fresh spot in the CNCF Sandbox.
The issue? A background service intended for localhost was silently binding to port 44000 on all network interfaces. No authentication. No connection limits. No timeouts.
That's all an attacker needs.
With just network access, a remote unauthenticated attacker could:
→ Crash the host entirely using a Slowloris-style connection flood
→ Extract internal usernames and filesystem paths from unhandled error responses
As always, the emerging technologies of today are the mainstream of tomorrow. It’s better to close the security issues at this stage, before the blast radius becomes too big to handle.
OWASP's Top 10:2025 now officially ranks developer workstations among the most critical attack surface areas in the software supply chain. This CVE is a live example of exactly why.
If you're running Podman Desktop, update to v1.26.2 (or newer) now.
Full research here👇
https://t.co/KduOd4Y0Mr
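A defender-side check for the exposure described in the post above, added here as an example and not taken from Pentera's research or from Podman Desktop: it parses `ss -H -ltn` output and reports listeners on port 44000 that are bound to anything other than loopback. The sample output and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 511 0.0.0.0:44000 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 511 [::]:44000 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 511 [::1]:44000 [::]:*
LISTEN 0 128 192.168.1.20:8080 0.0.0.0:*
"""

def split_endpoint(endpoint):
    """Split 'host:port' as printed by ss, handling [v6] brackets and %iface."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]
    return host, int(port)

def classify(host):
    """Return the bind scope: loopback, all-interfaces or specific-address."""
    if host == "*":  # ss prints '*' for a dual-stack wildcard socket
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "loopback"
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "specific-address"

def exposed_listeners(ss_output, port=44000):
    """List (host, port, scope) for listeners on `port` reachable off-host."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, local_port = split_endpoint(fields[3])
        scope = classify(host)
        if local_port == port and scope != "loopback":
            findings.append((host, local_port, scope))
    return findings

if __name__ == "__main__":
    for host, local_port, scope in exposed_listeners(SAMPLE_SS):
        print(f"port {local_port} bound to {host} ({scope})")
```

On a live Linux host, pass the output of `ss -H -ltn` to `exposed_listeners` instead of the sample; an empty result means nothing is listening on that port beyond loopback.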
Tschüss! PenteraConnect Frankfurt officially wrapped🎤⬇️
Frankfurt showed up. Security professionals from across the region gathered at SPARK for a full day of innovation in exposure management, hands-on learning, and serious cyber challenges.
We pulled back the curtain on what's next on the Pentera product roadmap, and got deep into real-world security use cases in action.
Then came the CTF. Keyboards flying, the clock ticking, and only one team walking away with the crown.
If you were in the room, you know. If not, make sure the next one is on your calendar!
#PenteraConnect #Frankfurt #cybersecurity
"Scanned by Gmail." That means the attachment is completely safe to download… right? 🤔
New research from Pentera Labs by Ben Ilkashi reveals architectural gaps between Gmail and Google Drive that can turn out to be delivery paths for malicious files.
Files originally blocked by Gmail can be reintroduced and delivered with a misleading “Scanned by Gmail” label.
Attackers can manipulate the built-in trust within the Google suite to:
• Bypass Gmail’s attachment scanning controls
• Avoid Google Drive’s abuse and warning mechanisms
• Deliver high-risk files as native, trusted attachments
Google confirmed the findings. No fix has been released.
https://t.co/lYVobq46rJ
Not every security event has a CTF.
Not every CTF is built around the platform you use and know so well.
And not every platform gives you this kind of community.
At PenteraConnect Frankfurt, our customers are stepping into a challenging CTF: think like an attacker, expose what's hidden, and compete for a spot at the top ✈️
Exclusive to Pentera customers.
See you at the top of the leaderboard.
Before heading to InfoSec, we had to stop by Borough Market. Obviously. 🍓🍫🐐
We had to try the viral chocolate covered strawberries. If you know, you know.
(Pax went straight for the fish and chips. We don't judge.)
Hot take: the best meeting at Infosec isn't in the schedule. 👀
It’s on the Thames. On a yacht. And 6 of the most talked-about technologies in security, all in one place.
Pentera. Torq. Armis. Cyera. Keyfactor. Island.
Security validation, Exposure management, Hyperautomation, asset intelligence, data security, PKI & Machine Identity Management, and Enterprise Browser Security. The conversations happening on this boat? You won't find them on any conference floor.
Tech on the Thames: The Infosec Happy Hour - an official Infosec Europe event with unbeatable views of London, great drinks, and 6 cutting edge technologies.
2 June | 4:30 PM | Sunborn Yacht, London
Spots are limited. Don't miss it. ⚓
https://t.co/gMUKeAlCKp
Google's own infrastructure can be used to deliver malware to any inbox, including yours.
Ben Ilkashi of Pentera Labs discovered structural flaws in Gmail and Google Drive that let malicious files reach inboxes stamped with Gmail's own "Scanned by Gmail" seal of approval.
The same file Gmail blocks as malicious?
It can still be delivered through Google Drive, looking completely legitimate to the recipient. Attackers can exploit this today, turning Google's trusted infrastructure into a phishing delivery mechanism.
Google confirmed the findings.
No fix has been released.
Read the full story as covered by Davey Winder for Forbes → https://t.co/9aL3amhOic
We have some serious bragging to do.
Kara Cassidy Poulin and Megan Padgett have been named to the 2026 CRN Women of the Channel list! 🏆
CRN's Women of the Channel is an annual recognition honoring the influential women driving success across the IT channel ecosystem, and these two are doing exactly that.
Kara leads field and channel marketing across the Americas, building targeted partner campaigns, forming strategic alliances, and enabling partners to lead their market with proven security validation solutions.
Megan keeps Pentera’s channel program running at full speed, creating the systems, processes, and partner communications that keep our ecosystem connected and informed.
Kara, Megan, congratulations on this well-deserved achievement. We are so proud to have them on the Pentera team.
Check out the full list at https://t.co/A85nUBJ4oy. 🔗
#WomenOfTheChannel #CRN2026 #ChannelLeaders
Guess who's in London. 🐐
The changing of the guard hits different when you've already got security covered.
Pax flew in early because when Pentera's in town, you make the trip. Hoodie packed, itinerary stacked, ready to make a week of it.
Anthropic released an AI model that finds and exploits zero-day vulnerabilities on its own: working exploits, produced autonomously, completed in under a day, for under $2,000.
You've probably seen it all over your feed by now.
Our Head of Research Shlomo Ben Yosef digs into what's actually different:
The gap between disclosure and exploitation is collapsing. "No known exploit" and "hard to exploit" aren't meaningful risk indicators anymore. AI can chain weaknesses into full system compromise - and the real challenge now isn't finding vulnerabilities, it's understanding how they can actually be used against you.
Full breakdown in the post: https://t.co/t6hYWSRhiT
#ClaudeMythos #GlasswingProject #Anthropic
From one cyber GOAT to another 📖🐐
Here is the new GOAT Guide for Cloud Pentesting.
It breaks down the 4 stages of going from "cloud discovery" to "cyber GOAT":
- Map what actually exists in your cloud
- Validate which exposures are actually exploitable (not just "risky")
- Trace how far an attacker can move across accounts and estates
- Fix what matters most
Written by Gary Grit, CISO at Grazing Inc., for security leaders tired of flying blind in the cloud.
Time to stop herding clouds and start validating exposures:
https://t.co/hECf4mvEGD
Women in tech: Women Who Shape Pentera
If you're building a career in cyber and wondering whether your path makes sense, hearing from women who've been through the doubt, the pivots, and the "I'm not ready for this" moments helps more than any leadership book.
We brought together women from across Pentera - different regions, different roles, different career stages - for a TED-style conversation about the decisions that actually shaped their careers.
The kind of stuff that doesn't make it into a bio: taking a role you didn't feel ready for, changing direction when the safe path was to stay, learning to lead without waiting for permission.
Thank you to Hayley Attfiled, Shoham Elkayam, Grenadine Law, Gabriela Valdes, and Kara Poulin for being so open, and to Heather Daval for leading the conversation.
Anthropic Mythos, GPT‑5.4‑Cyber and other cyber-grade AI models are driven by a probabilistic model designed to explore and pivot like a human. They don't take the same path twice, and therefore they cannot prove an identified security gap has been remediated. What does this mean for cybersecurity?
According to our CEO Amitai Ratzon, "that kind of unnecessary doubt is the hidden tax of the push toward total autonomy."
In Computer Weekly, Amitai makes the case that after Anthropic's Mythos - an AI chaining zero-days into working exploits in hours - security teams can't afford to confuse "not observed" with "not exploitable."
Discovery can be probabilistic. Validation has to be deterministic.
Same technique, same conditions, repeatable - every time.
Read the full piece
https://t.co/INSnIdBuqY
#CyberSecurity #SecurityValidation #AIThreats
“We are the attacker. The friendly attacker in your network.”
That’s how our CEO Amitai Ratzon describes Pentera. And in 2026, that friendly attacker is getting even more powerful.
🔹 Pentera Peer, the security practitioner's superpower: ask native language questions, get board-ready answers instantly
🔹 Validation on demand: one button, embedded directly in your SIEM, XDR, and threat intel platforms
Attackers are adopting AI; Pentera is arming the defenders and leveling the playing field.
Hear it straight from our CEO.
AI is rewriting cybersecurity as we speak.
Tools like Anthropic's Claude Mythos are collapsing the time between vulnerability discovered and vulnerability exploited. It's all moving at machine speed, and we need to adapt. Autonomous security validation, agentic SOCs, agentic EDR, and AI red-teaming are all in the making. One thing won't change: cybercrime adapts to every new technology. Whatever AI hands defenders today, attackers will weaponize tomorrow.
The race goes on.