Automated Security Validation

Joined May 2018
We’re at Interop Japan this week with Paxton, created for the Cyber GOATs we get to work with every day. Here’s to the teams validating risk, proving defenses, and fixing what matters before attackers get the chance. Come find Pentera at booth 5W24. #InteropJapan
Security teams don’t need more tools. They need fewer problems. That was the message at Infosec Europe: less noise, faster action, and validation that shows what actually matters. Thanks to everyone who met us on the floor and on the Thames. #InfoSecEurope 🎥 Will Saunders
At Gartner SRM, Pentera CEO Amitai Ratzon spoke on AI security testing. What the room took away: speed isn’t the hard part. Trust is. AI attack agents must be safe, repeatable, controlled, and auditable. The real value starts when exposures get fixed. #SecurityValidation #A
We're at Gartner Security and Risk Management Summit… are you? 👋 Come meet us at Booth 440!  Let's talk AI-driven security validation, how to find and fix your exposures fast, and what it takes to stay ahead of attackers in 2026. National Harbor, MD, Booth #440
Every good London trip has a final destination. 🐐 For Pax, it's this one. Pentera at Infosecurity Europe, Booth F70. June 2–4 | ExCeL London Come find us. Let's talk AI-powered security testing and fixing.
Pax has already found the best way to open Infosec with one week to go 🐐🌅 And he's saving you a spot. Join us for Tech on the Thames: The Infosec Happy Hour, an official Infosecurity Europe event with drinks, great company, and the best view in London. 2 June | 4:30 PM | Sunborn Yacht, London Don't miss the boat…literally. ⚓  👉 okt.to/trcEP6
London calling 💂🏻‍♂️ We're answering. Pentera is heading to Infosecurity London, June 2-4 at ExCeL London. Pax, the proactive cyber defender GOAT, will be at Booth F70. AI is accelerating attacks, and the only way to stay ahead is by validating your security controls work. Come see how Pentera helps you test continuously, validate your exposures, and fix them fast.  🔹Pentera Peer - turns complex offensive security testing into an interactive dialogue in natural language 🔹AI Security Insights - analyzes your latest 8 reports to identify trends and transforms validated attack data into prioritized, role-specific decisions and remediation actions 🔹AI-Based Web Attacks - an AI-enhanced attack engine that automatically generates and chains real exploit paths across your live web environment, adapting payloads and execution paths based on live application behavior and responses Security just got a lot smarter. Come see it live. 📍 Booth F70 📅 June 2-4 | ExCeL London
A developer tool on your network just became a remote attack vector 🌐 Pentera Labs researcher Nir Chako discovered CVE-2026-34045 in Podman Desktop, a tool with 3M downloads and a fresh spot in the CNCF Sandbox. The issue? A background service intended for localhost was silently binding to port 44000 on all network interfaces. No authentication. No connection limits. No timeouts. That's all an attacker needs. With just network access, a remote unauthenticated attacker could: → Crash the host entirely using a Slowloris-style connection flood → Extract internal usernames and filesystem paths from unhandled error responses As always, the emerging technologies of today are the mainstream of tomorrow. It’s better to close the security issues at this stage, before the blast radius becomes too big to handle.  OWASP's Top 10:2025 now officially ranks developer workstations among the most critical attack surface areas in the software supply chain. This CVE is a live example of exactly why. If you're running Podman Desktop, update to v1.26.2 (or newer) now. Full research here👇 okt.to/xsCqVg
Tschüss! PenteraConnect Frankfurt officially wrapped🎤⬇️ Frankfurt showed up. Security professionals from across the region gathered at SPARK for a full day of innovation in exposure management, hands-on learning, and serious cyber challenges. We pulled back the curtain on what's next on the Pentera product roadmap, and got deep into real-world security use cases in action. Then came the CTF. Keyboards flying, the clock ticking, and only one team walking away with the crown. If you were in the room, you know. If not, make sure the next one is on your calendar! #PenteraConnect #Frankfurt #cybersecurity
"Scanned by Gmail." That means the attachment is completely safe to download… right? 🤔 New research from Pentera Labs by Ben Ilkashi reveals architectural gaps between Gmail and Google Drive that can turn out to be delivery paths for malicious files. Files originally blocked by Gmail can be reintroduced and delivered with a misleading “Scanned by Gmail” label.  Attackers can manipulate the built-in trust within Google suite to: • Bypass Gmail’s attachment scanning controls • Avoid Google Drive’s abuse and warning mechanisms • Deliver high-risk files as native, trusted attachments Google confirmed the findings. No fix has been released. okt.to/ZYxrMD
Not every security event has a CTF.  Not every CTF is built around the platform you use and know so well.  And not every platform gives you this kind of community.  At PenteraConnect Frankfurt, our customers are stepping into a challenging CTF: think like an attacker, expose what's hidden, and compete for a spot at the top ✈️ Exclusive to Pentera customers.  See you at the top of the leaderboard.
Before heading to InfoSec, we had to stop by Borough Market. Obviously. 🍓🍫🐐 We had to try the viral chocolate covered strawberries. If you know, you know. (Pax went straight for the fish and chips. We don't judge.)
Hot take: the best meeting at Infosec isn't in the schedule. 👀 It’s on the Thames. On a yacht. And 6 of the most talked-about technologies in security, all in one place. Pentera. Torq. Armis. Cyera. Keyfactor. Island. Security validation, Exposure management, Hyperautomation, asset intelligence, data security, PKI & Machine Identity Management, and Enterprise Browser Security. The conversations happening on this boat? You won't find them on any conference floor. Tech on the Thames: The Infosec Happy Hour - an official Infosec Europe event with unbeatable views of London, great drinks, and 6 cutting edge technologies.  2 June | 4:30 PM | Sunborn Yacht, London Spots are limited. Don't miss it. ⚓  okt.to/bdeYGS
Google's own infrastructure can be used to deliver malware to any inbox, including yours. Ben Ilkashi of Pentera Labs discovered structural flaws in Gmail and Google Drive that let malicious files reach inboxes stamped with Gmail's own "Scanned by Gmail" seal of approval. The same file Gmail blocks as malicious? It can still be delivered through Google Drive, looking completely legitimate to the recipient. Attackers can exploit this today, turning Google's trusted infrastructure into a phishing delivery mechanism. Google confirmed the findings. No fix has been released. Read the full story as covered by Davey Winder for Forbes → okt.to/hM7Jw1
We have some serious bragging to do. Kara Cassidy Poulin and Megan Padgett have been named to the 2026 CRN Women of the Channel list! 🏆 CRN's Women of the Channel is an annual recognition honoring the influential women driving success across the IT channel ecosystem, and these two are doing exactly that. Kara leads field and channel marketing across the Americas, building targeted partner campaigns, forming strategic alliances, and enabling partners to lead their market with proven security validation solutions. Megan keeps Pentera’s channel program running at full speed, creating the systems, processes, and partner communications that keep our ecosystem connected and informed. Kara, Megan, congratulations on this well-deserved achievement. We are so proud to have them on the Pentera team. Check out the full list at crn.com/wotc. 🔗 #WomenOfTheChannel #CRN2026 #ChannelLeaders
Guess who's in London. 🐐 The changing of the guard hits different when you've already got security covered.  Pax flew in early because when Pentera's in town, you make the trip. Hoodie packed, itinerary stacked, ready to make a week of it.
Anthropic released an AI model that finds and exploits zero-day vulnerabilities on its own: working exploits, produced autonomously, completed in under a day, for under $2,000.  You've probably seen it all over your feed by now. Our Head of Research Shlomo Ben Yosef digs into what's actually different: The gap between disclosure and exploitation is collapsing. "No known exploit" and "hard to exploit" aren't meaningful risk indicators anymore. AI can chain weaknesses into full system compromise - and the real challenge now isn't finding vulnerabilities, it's understanding how they can actually be used against you. Full breakdown in the post: okt.to/J1z5tr #ClaudeMythos #GlasswingProject #Anthropic
From one cyber GOAT to another 📖🐐 Here is the new GOAT Guide for Cloud Pentesting. It breaks down the 4 stages of going from "cloud discovery" to "cyber GOAT": - Map what actually exists in your cloud  - Validate which exposures are actually exploitable (not just "risky") - Trace how far an attacker can move across accounts and estates  - Fix what matters most Written by Gary Grit, CISO at Grazing Inc., for security leaders tired of flying blind in the cloud. Time to stop herding clouds and start validating exposures: okt.to/uV82lj
Make the AI Force Be With You
Woman in tech: Women Who Shape Pentera If you're building a career in cyber and wondering whether your path makes sense, hearing from women who've been through the doubt, the pivots, and the "I'm not ready for this" moments helps more than any leadership book. We brought together women from across Pentera - different regions, different roles, different career stages - for a TED-style conversation about the decisions that actually shaped their careers.  The kind of stuff that doesn't make it into a bio: taking a role you didn't feel ready for, changing direction when the safe path was to stay, learning to lead without waiting for permission. Thank you to Hayley Attfiled, Shoham Elkayam, Grenadine Law, Gabriela Valdes, Kara Poulin, for being so open, and to Heather Daval for leading the conversation.