By Komodo Research
AigentX, our autonomous web-application penetration testing agent, ran black-box against OWASP crAPI and confirmed 35 exploitable findings, 15 of them Critical, including a chain that turns a free signup account into uid=0(root) and a permanently forged admin identity. Every finding carries the request, the response, and a reproduction, and the full report is one click away. Most "AI found N vulnerabilities" write-ups never let you check the work; this one does.
By Komodo Research
Choosing the best penetration testing companies in 2026 is no longer straightforward. With cyber threats evolving rapidly and AI-powered attacks on the rise, businesses need partners who go beyond automated scans to deliver real, actionable security insights. The reality of cybersecurity in 2026 is stark: more than 5.3 vulnerabilities are disclosed every minute.
By Komodo Research
Stop managing alerts. Start managing your business. While other platforms wait for your "OK," KomodoSec AigentX is already halfway through the fix. Security teams today are overwhelmed by alerts, delayed responses, and fragmented tools. An autonomous security platform changes that by acting instantly, detecting and fixing threats without waiting for human input. Traditional Security Operations Centers (SOCs) often struggle to keep up with the scale and speed of modern threats.
The cybersecurity industry is sleepwalking. We are still captivated by the romanticized image of the hacker: a human in a hoodie manually typing code to breach a network. Wake up to the reality of 2026. The modern adversary is no longer human. It is algorithmic.
By Komodo Research
How AigentX found 24 real vulnerabilities, confirmed what wasn't exploitable, and discovered risks that code review alone could never catch.
Large Language Models now automate customer support, write code, classify emails, generate content, and, disturbingly, execute tasks through plugins and agents. Once an AI can act on your behalf, it becomes part of your operational infrastructure, not a toy. OWASP's Top 10 for LLM Applications formalized the threat landscape and quietly confirmed what security researchers have been saying for two years.
AI IDEs such as Cursor and Windsurf ship their own embedded browser engine. If that engine is not current, it carries the engine's known vulnerabilities. This week's signals: Cursor 2.0 was released on Oct 29, 2025 without a stated browser upgrade in the Cursor 2.0 changelog, and users posted About screenshots that still show older engine builds, while Windsurf's October notes list a newer baseline in the Windsurf changelog. Treat these tools like browsers: verify the embedded engine version, reduce risky paths, and upgrade when a newer build is available.
By maya933
Attackers stole OAuth tokens tied to the Salesloft Drift integration, then used those valid tokens to call Salesforce APIs and export data. This is token abuse through a third-party Connected App, not a core Salesforce bug. Focus your response on governance and validation: revoke and rotate the tokens, re-enable the integration with least privilege, and use Salesforce Event Monitoring to verify your detections.
By Komodo Research
A lightweight, PowerShell-based SMB enumeration and data-gathering tool for red team engagements and penetration testing. It runs natively on Windows with no external dependencies such as Python or Linux-based utilities.
By Komodo Research
Server Message Block (SMB) is a ubiquitous protocol used for file sharing, remote access, and resource management across enterprise networks. While critical for business operations, its misconfigurations give attackers a foothold. In this blog post, we walk through a real-world red team operation in which a simple but effective PowerShell-based tool took us from SMB enumeration to full network takeover.
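To illustrate the dependency-free PowerShell approach the two excerpts above describe, here is an added example that is not the Komodo tool itself (its source is not on this page). It enumerates the non-administrative shares on a list of hosts using only built-in cmdlets (CIM `Win32_Share`, with `net view` as a fallback), checks whether the current user can read each share, and counts files whose names suggest stored credentials. The host names, the filename pattern, and the search depth are assumptions for the example.

```powershell
# Added example, not the Komodo tool: native-Windows SMB share enumeration.
# Assumptions: the hosts below are placeholders; replace them with in-scope targets.
$Targets          = @('fs01.corp.local', 'fs02.corp.local')
$SensitivePattern = '(?i)(passw|cred|secret|\.kdbx$|unattend\.xml$|web\.config$)'  # assumed pattern
$SkipShares       = @('ADMIN$', 'IPC$', 'PRINT$')   # default admin shares add noise, not data

function Get-RemoteShares {
    param([string]$ComputerName)
    try {
        # Win32_Share over CIM needs nothing beyond a stock Windows install.
        Get-CimInstance -ClassName Win32_Share -ComputerName $ComputerName -ErrorAction Stop |
            Where-Object { $SkipShares -notcontains $_.Name } |
            ForEach-Object { "\\$ComputerName\$($_.Name)" }
    } catch {
        # CIM/WinRM blocked: fall back to the classic 'net view' listing over SMB itself.
        (net view "\\$ComputerName" /all 2>$null) | ForEach-Object {
            if ($_ -match '^(\S+)\s+Disk' -and $SkipShares -notcontains $Matches[1]) {
                "\\$ComputerName\$($Matches[1])"
            }
        }
    }
}

function Test-ShareRead {
    # Returns $true only if a directory listing of the share root succeeds.
    param([string]$Path)
    try { $null = Get-ChildItem -LiteralPath $Path -ErrorAction Stop; $true } catch { $false }
}

function Find-SensitiveFiles {
    # Shallow recursive search; a deep walk of a large file server is slow and loud.
    param([string]$Path, [int]$Depth = 2)
    Get-ChildItem -LiteralPath $Path -Recurse -Depth $Depth -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $SensitivePattern } |
        Select-Object FullName, Length, LastWriteTime
}

$Results = foreach ($Target in $Targets) {
    foreach ($Share in Get-RemoteShares -ComputerName $Target) {
        $Readable = Test-ShareRead -Path $Share
        [pscustomobject]@{
            Share    = $Share
            Readable = $Readable
            Hits     = if ($Readable) { @(Find-SensitiveFiles -Path $Share).Count } else { 0 }
        }
    }
}

$Results | Sort-Object Hits -Descending | Format-Table -AutoSize
```

Run it from a domain-joined host in the context of the account whose access you are testing; a low-privilege user that still returns readable shares with hits is exactly the starting point the post above describes. Every share access leaves a 5140 (network share object accessed) event on the target, so the blue team sees this if share auditing is enabled.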
By Komodo Consulting
A short clip demonstrating how a Firefox vulnerability found by Komodo's research team can lead to file-less adware.
By Komodo Consulting
Step-by-step instructions from a Komodo expert on how to solve the first challenge.
By Komodo Consulting
Don from ITProTV interviews Boaz Shunami, Komodo Consulting's CEO, at RSA 2017. Boaz explains how Komodo's team delivers unique value to its Fortune 500 customers with external Red Team vs. Blue Team exercises.
By Komodo Consulting
CYSNIFF is a preemptive Cyber Threat Intelligence platform designed to help organizations and governments deal with the rapid increase in cyber threats such as planned cyber attacks, DDoS attacks, persistent threats, and data leakage. By providing real-time alerts generated automatically by our Artificial Intelligence engine, your organization receives prompt notification of major cyber events of interest and can respond proactively.
- June 2026 (3)
- May 2026 (2)
- November 2025 (1)
- October 2025 (1)
- September 2025 (1)
- February 2025 (1)
- January 2025 (2)
- November 2024 (1)
- August 2024 (1)
- June 2024 (1)
- April 2024 (2)
- February 2024 (1)
- January 2024 (1)
- October 2023 (2)
- August 2023 (3)
- July 2023 (2)
- June 2023 (1)
- May 2018 (1)
- August 2017 (1)
- March 2017 (1)
- May 2015 (1)
Komodo Consulting enables companies to align their business and regulatory requirements and adapt to the ever-changing challenges of information and cyber security.
Using proprietary tools and techniques and an expert-driven approach, we provide our customers with a full range of cyber security services, from Application Security, Incident Response, Threat Intelligence, Training, and Penetration Testing through to Cyber Security Strategy, Risk Assessments, and more.
Our Services:
- Black Box Penetration Testing: Full-spectrum black-box and white-box penetration testing of your systems, networks, and applications to find vulnerabilities an attacker could exploit.
- Red-Team Security Testing: Our red-team engagements test resilience to the real-world cyber attacks targeting Fortune 500 companies, based on the TIBER-EU framework.
- SOC 2 Penetration Testing: Our Black Box Penetration Testing services uncover hidden vulnerabilities and help achieve SOC 2, PCI, HIPAA, and ISO 27001 compliance.
- Cloud Security Assessment: We offer expert cloud security assessments for AWS, GCP, and Azure, ensuring businesses safeguard their digital assets.
- Application Security: Our team of AppSec experts has you covered for all your needs – from security assessments and design reviews to application security training.
- Third-Party Risk Management: We provide third-party risk management services for businesses, assessing security, supply chain continuity, and compliance to mitigate potential risks.
With thousands of successful Penetration Testing and Red-Team Security Testing engagements for more than 100 happy clients, you're in the right hands.