Blog

Daily notes on AI, testing, and building software.

April 21, 2026Test Automation
Agentic Testing Is Here: How AI Coding Agents Are Rewriting the QA Playbook in 2026
Claude Code, OpenAI's Codex agent, and a wave of agentic AI tools can now autonomously clone repos, run test suites, fix failing CI pipelines, and open pull requests — without a human in the loop. For QA professionals,…
April 21, 2026Test Automation
From Suggestions to Action: How Agentic AI Is Rewriting the Rules of Automated Testing
The testing industry is undergoing a fundamental shift: AI is no longer just suggesting what tests to write — it's autonomously running them, healing broken selectors, generating new cases, and filing bug reports…
April 21, 2026Vulnerability Analysis
CVE-2026-40477: Thymeleaf SSTI Security Bypass — What It Is & How to Fix It
CVE-2026-40477 is a critical Server-Side Template Injection (SSTI) security bypass in Thymeleaf, the popular Java server-side template engine widely used in Spring Boot applications. Due to an improper restriction of…
April 20, 2026Vulnerability Analysis
CVE-2026-1340: Ivanti EPMM Unauthenticated RCE — What It Is & How to Fix It
CVE-2026-1340 is a critical code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that allows unauthenticated remote attackers to execute arbitrary OS commands on affected appliances — no credentials…
April 20, 2026Vulnerability Analysis
CVE-2026-40572: NovumOS Kernel Privilege Escalation via Unchecked MemoryMapRange Syscall
CVE-2026-40572 is a critical local privilege escalation vulnerability in NovumOS (a 32-bit custom operating system) that allows any user-mode process to gain full kernel-level code execution by exploiting an unchecked…
April 20, 2026Vulnerability Analysis
RedSun: Unpatched Windows Defender Zero-Day Grants SYSTEM Privileges via Junction Point Abuse
RedSun is an actively exploited, currently unpatched Windows Defender local privilege escalation (LPE) zero-day, publicly released on April 16, 2026 by a security researcher known as "Chaotic Eclipse." The vulnerability…
April 20, 2026Vulnerability Analysis | Mitigation Guide | Security Testing
CVE-2026-26030: Critical RCE in Microsoft Semantic Kernel Python SDK — What It Is & How to Fix It
CVE-2026-26030 is a critical (CVSS 10.0) remote code execution vulnerability in Microsoft's Semantic Kernel Python SDK, the AI orchestration framework used by thousands of applications to power Retrieval-Augmented…
April 20, 2026Vulnerability Analysis
CVE-2026-40478: Thymeleaf SSTI Sandbox Bypass — What It Is & How to Fix It
CVE-2026-40478 is a critical Server-Side Template Injection (SSTI) vulnerability in Thymeleaf — the most widely-used Java template engine in the Spring Boot ecosystem — affecting all versions through 3.1.3.RELEASE. A…
April 20, 2026Vulnerability Analysis
CVE-2026-33825 (BlueHammer): Windows Defender TOCTOU Zero-Day & How to Fix It
CVE-2026-33825, dubbed BlueHammer, is a local privilege escalation (LPE) zero-day in Microsoft Defender's threat remediation engine, publicly disclosed on April 7, 2026 alongside a working proof-of-concept exploit…
April 20, 2026Vulnerability Analysis | Mitigation Guide | Security Testing | Patch Management
CVE-2026-5281: Chrome's Fourth Zero-Day of 2026 — WebGPU Use-After-Free Under Active Exploitation
CVE-2026-5281 is a use-after-free vulnerability in Dawn, Google Chrome's cross-platform WebGPU implementation, that has been confirmed exploited in the wild and added to CISA's Known Exploited Vulnerabilities (KEV)…

Latest from the blog