A single syscall escapes the browser sandbox and lands SYSTEM. CVE-2026-40369 is patched. The public exploit code is everywhere.Atarus Security TeamMay 270 min read
We get past MFA on most engagements, and we almost never break it. Here is how, and what actually stops us.
Researchers caught a low-skilled attacker using AI agents to breach 14 companies. The uncomfortable part is that the AI mostly weaponized bugs you already have a patch for.
Five days, ten exploited bugs, almost none of them touched a core app. A week attackers spent walking in through everything else.
Comments