|
By Adam King
For organisations considering a penetration test, one of the first questions is often how much it will cost. While this is a reasonable question, the answer is usually not so straightforward. Like many technology products and services, penetration testing is not a commodity. The scope, complexity, and objectives of each assessment can vary which means pricing can vary just as widely.
|
By Tim Reed
In May 2026, Redis disclosed a high severity memory safety vulnerability tracked as CVE-2026-23479. The issue affects the Redis server, a widely deployed in memory data structure store used for caching, messaging, and real time analytics across cloud and on premises environments. The vulnerability exists in the client unblocking logic and may allow an authenticated attacker to achieve remote code execution under specific conditions.
|
By Theklis Stefani
In May 2026, the Drupal Security Team disclosed a critical SQL injection vulnerability affecting Drupal core. The issue, tracked as CVE-2026-9082, affects Drupal installations using PostgreSQL and has been assigned a Drupal security risk rating of 23/25. The vulnerability can be exploited by anonymous users, and Drupal has confirmed that exploit attempts are being detected in the wild.
|
By Adam King
AI-assisted development tools are changing how software is built. From code generation and automated testing to rapid prototyping and full-stack application scaffolding, Large Language Models (LLMs) are increasingly being used to accelerate software delivery across startups, SaaS providers, and engineering teams. In many cases, these tools are delivering genuine operational value.
|
By Adam King
As organisations continue integrating AI capabilities into customer-facing applications, internal tooling, and operational workflows, the security implications of these systems are becoming increasingly important. Large Language Models (LLMs), AI assistants, and automated decision-making features are now appearing across SaaS platforms, support systems, and enterprise applications, often connected directly to sensitive data and business processes.
|
By Tom Keech
A critical vulnerability (CVE-2026-7482), dubbed “Bleeding Llama”, has been disclosed in Ollama, a widely used open-source framework for running large language models (LLMs) locally. With a CVSS v3.1 score of 9.1, the issue is classified as Critical and affects versions prior to 0.17.1. The vulnerability exposes organisations using self-hosted AI infrastructure to significant information disclosure risks.
|
By Adam King
Understanding the difference between penetration testing and vulnerability assessment is an important part of building an effective security programme. While the terms are often used interchangeably, they serve distinct purposes and provide different types of insight into an organisation’s risk profile. For technology-led organisations, particularly those operating complex SaaS platforms or cloud environments, both approaches have a role to play.
|
By Phil Condon
In late April 2026, a critical authentication bypass vulnerability was disclosed in cPanel and WHM, tracked as CVE-2026-41940. The issue affects the login flow of these widely deployed hosting control panels and allows a remote, unauthenticated attacker to gain administrative access. Given the prevalence of cPanel across shared and dedicated hosting environments, the vulnerability represents a significant management plane risk.
|
By James Drew
Microsoft has released an emergency out of band update for.NET to address a critical security vulnerability affecting ASP.NET Core applications. The issue, tracked as CVE-2026-40372, relates to improper verification of cryptographic signatures within the ASP.NET Core Data Protection framework. The vulnerability was introduced as a regression in earlier.NET 10 releases and has prompted the release of.NET 10.0.7 to mitigate risk.
|
By Theklis Stefani
In April 2026, Microsoft disclosed and patched a critical remote code execution vulnerability affecting the Windows Internet Key Exchange Service Extensions. Tracked as CVE-2026-33824, the issue was addressed as part of Microsoft’s April 2026 Patch Tuesday release. The affected component forms part of the Windows IPsec and IKEv2 stack, which is widely used to provide secure network connectivity.
- June 2026 (2)
- May 2026 (6)
- April 2026 (3)
- March 2026 (6)
- February 2026 (7)
- January 2026 (5)
- December 2025 (6)
- November 2025 (4)
- October 2025 (3)
- September 2025 (2)
- May 2024 (1)
- April 2024 (3)
- March 2024 (2)
- February 2024 (3)
- January 2024 (2)
- November 2023 (1)
- June 2023 (1)
- November 2022 (1)
- October 2022 (1)
- July 2022 (1)
- June 2022 (1)
- January 2022 (1)
- November 2021 (2)
- October 2021 (3)
- September 2021 (2)
- July 2021 (1)
- June 2021 (2)
- May 2021 (2)
- April 2021 (1)
- January 2021 (1)
Sentrium is a CREST-Approved cyber security consultancy, powered by a combination of extensive business and technical expertise that provides you with the services you need to reduce your risk.
We are committed to global cyber security advancement, equipping businesses around the world with the awareness of their technical environment so they can be secure in the ever-changing threat landscape.
Our transparent, consultative approach reaches further into your organisation’s security posture to achieve impactful, valuable results.
- Application: Protect sensitive information stored in your web and mobile applications by meticulously identifying vulnerabilities and recommending remediations before they can be exploited.
- Cloud: Alleviate risks to your cloud security controls with rigorous analysis, assessment and recommendations that ensure the security of your cloud environment.
- Infrastructure: Methodically target your technology’s security controls to uncover weaknesses in your technical environment and secure your network’s infrastructure.
Securing your technology, information and people.