What's new in Cybrove
We ship improvements every week. Here's what's changed.
March 2026
App Security Scanner — Vibe Code Detection
Introducing the App Security Scanner, a new module purpose-built for modern web apps. Detects missing rate limiting, exposed frontend secrets, weak cookie security, CORS misconfigurations, and more.
Security Score Engine v2
The security score now includes a 5th factor: monitoring coverage. Assets that haven't been scanned recently will see a small score impact, encouraging regular scanning.
GitHub Scanning — Push-triggered scans
GitHub scanning now supports webhook-triggered scans on every push. Catch leaked secrets and vulnerable dependencies before they reach production.
Compliance reporting for ISO 27001
Added ISO 27001 Annex A control mapping alongside the existing SOC 2 support. Generate audit-ready PDF reports for both frameworks.
Scan comparison duplicate fix
Fixed an issue where the scan comparison view could show the same finding as both 'new' and 'unchanged' if the finding title changed slightly between scans.
Attack path blast radius visualization
The attack path module now shows blast radius analysis for any compromised asset. See how far an attacker could spread from a single entry point.
Free Domain Security Score
Anyone can now check their domain's security score for free on the homepage. No signup required. Checks SSL, headers, DNS, cookies, and technology stack.
February 2026
Phishing template library expansion
Added 4 new phishing templates: DocuSign signature request, Slack workspace notification, GitHub security alert, and package delivery notice.
Session fixation vulnerability patched
Fixed a session fixation vulnerability in the password reset flow. All existing reset tokens have been invalidated.
Network Security — Internal agent
Deploy a lightweight Cybrove agent inside your network to scan internal systems. Supports Docker and binary deployment.