Pentera

4.3K posts

@penterasec

Automated Security Validation

Joined May 2018
1.6K Following · 3.3K Followers
Pentera@penterasec·
London calling 💂🏻‍♂️ We're answering. Pentera is heading to Infosecurity London, June 2-4 at ExCeL London. Pax, the proactive cyber defender GOAT, will be at Booth F70. AI is accelerating attacks, and the only way to stay ahead is by validating your security controls work. Come see how Pentera helps you test continuously, validate your exposures, and fix them fast.
🔹 Pentera Peer - turns complex offensive security testing into an interactive dialogue in natural language
🔹 AI Security Insights - analyzes your latest 8 reports to identify trends and transforms validated attack data into prioritized, role-specific decisions and remediation actions
🔹 AI-Based Web Attacks - an AI-enhanced attack engine that automatically generates and chains real exploit paths across your live web environment, adapting payloads and execution paths based on live application behavior and responses
Security just got a lot smarter. Come see it live. 📍 Booth F70 📅 June 2-4 | ExCeL London
Pentera@penterasec·
A developer tool on your network just became a remote attack vector 🌐 Pentera Labs researcher Nir Chako discovered CVE-2026-34045 in Podman Desktop, a tool with 3M+ downloads and a fresh spot in the CNCF Sandbox. The issue? A background service intended for localhost was silently binding to port 44000 on all network interfaces. No authentication. No connection limits. No timeouts. That's all an attacker needs. With just network access, a remote unauthenticated attacker could:
→ Crash the host entirely using a Slowloris-style connection flood
→ Extract internal usernames and filesystem paths from unhandled error responses
As always, the emerging technologies of today are the mainstream of tomorrow. It’s better to close the security issues at this stage, before the blast radius becomes too big to handle. OWASP's Top 10:2025 now officially ranks developer workstations among the most critical attack surface areas in the software supply chain. This CVE is a live example of exactly why. If you're running Podman Desktop, update to v1.26.2 (or newer) now. Full research here👇 okt.to/xsCqVg
Pentera@penterasec·
Tschüss! PenteraConnect Frankfurt officially wrapped🎤⬇️ Frankfurt showed up. Security professionals from across the region gathered at SPARK for a full day of innovation in exposure management, hands-on learning, and serious cyber challenges. We pulled back the curtain on what's next on the Pentera product roadmap, and got deep into real-world security use cases in action. Then came the CTF. Keyboards flying, the clock ticking, and only one team walking away with the crown. If you were in the room, you know. If not, make sure the next one is on your calendar! #PenteraConnect #Frankfurt #cybersecurity
Pentera@penterasec·
"Scanned by Gmail." That means the attachment is completely safe to download… right? 🤔 New research from Pentera Labs by Ben Ilkashi reveals architectural gaps between Gmail and Google Drive that can turn out to be delivery paths for malicious files. Files originally blocked by Gmail can be reintroduced and delivered with a misleading “Scanned by Gmail” label. Attackers can manipulate the built-in trust within Google suite to:
• Bypass Gmail’s attachment scanning controls
• Avoid Google Drive’s abuse and warning mechanisms
• Deliver high-risk files as native, trusted attachments
Google confirmed the findings. No fix has been released. okt.to/ZYxrMD
Pentera@penterasec·
Not every security event has a CTF.  Not every CTF is built around the platform you use and know so well.  And not every platform gives you this kind of community.  At PenteraConnect Frankfurt, our customers are stepping into a challenging CTF: think like an attacker, expose what's hidden, and compete for a spot at the top ✈️ Exclusive to Pentera customers.  See you at the top of the leaderboard.
Pentera@penterasec·
Before heading to InfoSec, we had to stop by Borough Market. Obviously. 🍓🍫🐐 We had to try the viral chocolate covered strawberries. If you know, you know. (Pax went straight for the fish and chips. We don't judge.)
Pentera@penterasec·
Hot take: the best meeting at Infosec isn't in the schedule. 👀 It’s on the Thames. On a yacht. And 6 of the most talked-about technologies in security, all in one place. Pentera. Torq. Armis. Cyera. Keyfactor. Island. Security validation, Exposure management, Hyperautomation, asset intelligence, data security, PKI & Machine Identity Management, and Enterprise Browser Security. The conversations happening on this boat? You won't find them on any conference floor. Tech on the Thames: The Infosec Happy Hour - an official Infosec Europe event with unbeatable views of London, great drinks, and 6 cutting edge technologies.  2 June | 4:30 PM | Sunborn Yacht, London Spots are limited. Don't miss it. ⚓  okt.to/bdeYGS
Pentera@penterasec·
Google's own infrastructure can be used to deliver malware to any inbox, including yours. Ben Ilkashi of Pentera Labs discovered structural flaws in Gmail and Google Drive that let malicious files reach inboxes stamped with Gmail's own "Scanned by Gmail" seal of approval. The same file Gmail blocks as malicious? It can still be delivered through Google Drive, looking completely legitimate to the recipient. Attackers can exploit this today, turning Google's trusted infrastructure into a phishing delivery mechanism. Google confirmed the findings. No fix has been released. Read the full story as covered by Davey Winder for Forbes → okt.to/hM7Jw1
Pentera@penterasec·
We have some serious bragging to do. Kara Cassidy Poulin and Megan Padgett have been named to the 2026 CRN Women of the Channel list! 🏆 CRN's Women of the Channel is an annual recognition honoring the influential women driving success across the IT channel ecosystem, and these two are doing exactly that. Kara leads field and channel marketing across the Americas, building targeted partner campaigns, forming strategic alliances, and enabling partners to lead their market with proven security validation solutions. Megan keeps Pentera’s channel program running at full speed, creating the systems, processes, and partner communications that keep our ecosystem connected and informed. Kara, Megan, congratulations on this well-deserved achievement. We are so proud to have them on the Pentera team. Check out the full list at crn.com/wotc. 🔗 #WomenOfTheChannel #CRN2026 #ChannelLeaders
Pentera@penterasec·
Guess who's in London. 🐐 The changing of the guard hits different when you've already got security covered.  Pax flew in early because when Pentera's in town, you make the trip. Hoodie packed, itinerary stacked, ready to make a week of it.
Pentera@penterasec·
Anthropic released an AI model that finds and exploits zero-day vulnerabilities on its own: working exploits, produced autonomously, completed in under a day, for under $2,000.  You've probably seen it all over your feed by now. Our Head of Research Shlomo Ben Yosef digs into what's actually different: The gap between disclosure and exploitation is collapsing. "No known exploit" and "hard to exploit" aren't meaningful risk indicators anymore. AI can chain weaknesses into full system compromise - and the real challenge now isn't finding vulnerabilities, it's understanding how they can actually be used against you. Full breakdown in the post: okt.to/J1z5tr #ClaudeMythos #GlasswingProject #Anthropic
Pentera@penterasec·
From one cyber GOAT to another 📖🐐 Here is the new GOAT Guide for Cloud Pentesting. It breaks down the 4 stages of going from "cloud discovery" to "cyber GOAT":
- Map what actually exists in your cloud
- Validate which exposures are actually exploitable (not just "risky")
- Trace how far an attacker can move across accounts and estates
- Fix what matters most
Written by Gary Grit, CISO at Grazing Inc., for security leaders tired of flying blind in the cloud. Time to stop herding clouds and start validating exposures: okt.to/uV82lj
Pentera@penterasec·
Make the AI Force Be With You
Pentera@penterasec·
Woman in tech: Women Who Shape Pentera
If you're building a career in cyber and wondering whether your path makes sense, hearing from women who've been through the doubt, the pivots, and the "I'm not ready for this" moments helps more than any leadership book. We brought together women from across Pentera - different regions, different roles, different career stages - for a TED-style conversation about the decisions that actually shaped their careers. The kind of stuff that doesn't make it into a bio: taking a role you didn't feel ready for, changing direction when the safe path was to stay, learning to lead without waiting for permission. Thank you to Hayley Attfiled, Shoham Elkayam, Grenadine Law, Gabriela Valdes, Kara Poulin, for being so open, and to Heather Daval for leading the conversation.
Pentera@penterasec·
Anthropic Mythos, GPT‑5.4‑Cyber and other Cyber-grade AI models are driven by a probabilistic model designed to explore and pivot like a human. They don't take the same path twice and therefore, they cannot prove an identified security gap has been remediated. What does this mean for cybersecurity? According to our CEO Amitai Ratzon, "that kind of unnecessary doubt is the hidden tax of the push toward total autonomy." In Computer Weekly, Amitai makes the case that after Anthropic's Mythos - an AI chaining zero-days into working exploits in hours - security teams can't afford to confuse "not observed" with "not exploitable." Discovery can be probabilistic. Validation has to be deterministic. Same technique, same conditions, repeatable - every time. Read the full piece okt.to/kmtbAo #CyberSecurity #SecurityValidation #AIThreats
Pentera@penterasec·
“We are the attacker. The friendly attacker in your network.” That’s how our CEO Amitai Ratzon describes Pentera. And in 2026, that friendly attacker is getting even more powerful.
🔹 Pentera Peer, the security practitioners superpower: ask native language questions, get board ready answers instantly
🔹 Validation on demand: one button, embedded directly in your SIEM, XDR, and threat intel platforms
Attackers are adopting AI, Pentera is arming the defenders and leveling up the playing field. Hear it straight from our CEO.
Pentera@penterasec·
AI is rewriting cybersecurity as we speak. Tools like Anthropic's Claude Mythos are collapsing the time between vulnerability discovered and vulnerability exploited. It's all moving at machine speed, and we need to adapt. Autonomous security validation, agentic SOCs, agentic EDR, AI red-teaming - are all in the making. One thing won't change: cybercrime adapts to every new technology. Whatever AI hands defenders today, attackers will weaponize tomorrow. The race goes on.
Pentera@penterasec·
AI is everywhere. It creates a whole new organizational attack surface. Security practices to protect it are not keeping up.
Ryan Dorey, Director of Technical Advisors at Pentera, published in The Hacker News new findings from our AI and Adversarial Testing Benchmark Report 2026, based on a survey of 300 CISOs. The numbers tell the story:
🔹 67% of CISOs have limited visibility into how AI is used across their org
🔹 50% cite lack of internal expertise as their #1 barrier, not budget
🔹 75% are relying on legacy tools to secure infrastructure those tools were never built for
The challenge isn't knowing AI security matters. It's having the visibility, skills, and tools to validate and act on it. Closing these foundational gaps in skills, visibility, and tooling is becoming urgent. Read the full piece👇 okt.to/h6SNzc
Pentera@penterasec·
CISOs are struggling to even track where all their AI applications live, let alone secure them. And as agents start talking to agents, the visibility problem only gets worse.
Pentera’s approach brings control to that reality: combining AI-driven attack emulation with deterministic guardrails, so security teams can move fast without losing oversight. It’s how enterprises validate real exposure across evolving environments. Pentera’s Aviv Cohen, Chief Marketing and Corporate Strategy Officer, summed up the industry's AI dilemma: "You want the honey, but you don't want the sting." Watch Aviv unpack one of the biggest shifts in cybersecurity right now; the rise of AI-driven attacks, with Jarrett Banks from Tech Edge. okt.to/yecdbP #AIAttacks #AdversarialAI @CorpGov
Pentera@penterasec·
Pentera is now available on AWS Marketplace ☁️
We’re making it easier for the Pentera/AWS joint customers to increase their cyber readiness and adopt our AI-powered exposure management solution. Here’s what this means for you:
1️⃣ Use your existing AWS committed spend to invest in security validation
2️⃣ Purchase Pentera directly through AWS Marketplace - no extra procurement hoops
3️⃣ Start validating your defenses with real attack techniques, safely in production
Learn More: okt.to/vUINjc Test fast. Fix fast.