Sample of assets impacted by NGINX nginx-poolslip vulnerability, identified by the CyCognito Platform.

When Kuwait launched the WAMD real-time payment rail in 2024, the goal was clear: Enable banks and financial institutions to add speed, convenience and resilience to the country’s national payment infrastructure. Facilitated by the KNET Payment Gateway under the supervision of the Central Bank of Kuwait (CBK), the service has become such a key part of the country’s digital banking ecosystem that the CBK is making it crystal clear that real-time must also mean reliable.

AI Pentesting is having a moment. Well, several moments, actually. Every other week, another vendor announces something, or another LLM-driven pentesting tool tops some benchmark on a target nobody's heard of, another deck claims a new "gold standard" being disrupted, at long last... It's been busy.

AI inherits the access permissions that accumulated quietly in organizations for years. Frontier models eliminate the obscurity that once limited what attackers, and even employees, could reach. Sensitive data, stale service accounts, and unreviewed permissions now surface in seconds. Governing identity and access before connecting AI determines whether frontier models become a force multiplier or a compounding risk.

Network security is operationally complex. It involves constant triage, approvals, and monitoring, spread across a range of tools, teams, and environments. Traditionally, this requires teams to do a significant amount of time-consuming, repetitive, and draining manual work, resulting in a longer MTTR and leaving many practitioners overwhelmed and burnt out. The problem isn’t in the tools they use – it’s in the work that happens between tools.

In March 2026, researchers began linking a series of software supply-chain compromises to Replicating Marauder, the BlueVoyant Threat Fusion Cell (TFC) primary identifier for the actor publicly tracked elsewhere as TeamPCP. What made the campaign stand out was that trusted software was poisoned and one compromise repeatedly appeared to enable the next by exposing credentials, release paths, or Continuous Integration and Continuous Delivery or Deployment (CI/CD) trust relationships.

Imagine this: your security team has done everything right. All development teams are using a centrally managed artifact repository with scanning in place. Your engineering organization has clear policies about where packages can come from. You feel good about your software supply chain posture. Then an incident review surfaces something nobody planned for: a compromised npm package entered your environment.

NGINX administrators are facing back-to-back emergency patch cycles. Within days of each other, two critical heap buffer overflow vulnerabilities were disclosed in the same NGINX component, both capable of crashing worker processes and enabling remote code execution on systems without ASLR. If your organization runs NGINX in any capacity, these need immediate attention.