Weekly Advisories

Emergent Threat Intelligence

What's actively being exploited right now, how it works, and exactly what to do about it.

2026-07-11 CISA KEV

Your Contact Form Just Became a Backdoor

Every web form with a file upload field is a potential entry point. This is not a theoretical concern. It is the fundamental design flaw that attackers exploit over and over: the a

2026-06-30 CISA KEV

CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bounds Write Under Active Exploitation by Ransomware Operators

A critical out-of-bounds write vulnerability in Fortinet FortiOS and FortiProxy is being actively exploited in the wild. CVE-2024-21762 allows unauthenticated remote attackers to e

2026-06-22 CISA KEV

Critical Oracle PeopleSoft Authentication Bypass Under Active Exploitation by Ransomware Operators

A critical missing authentication vulnerability in Oracle PeopleSoft Enterprise PeopleTools (CVE-2026-35273) is under active exploitation. The flaw allows unauthenticated remote at

2026-06-20

CVE-2026-41089: Critical Vulnerability Requires Immediate Attention

CVE-2026-41089 is a vulnerability that has been assigned a CVE identifier, but at the time of this writing, detailed technical information, affected product specifics, and exploita

2026-06-20 CISA KEV

CVE-2026-50751: Critical Check Point VPN Authentication Bypass Under Active Exploitation

A critical authentication bypass vulnerability in Check Point Security Gateways is under active exploitation. CVE-2026-50751 affects the Remote Access VPN and Mobile Access feature

2026-06-15 CISA KEV

Microsoft Defender Link Following Vulnerability Enables Local Privilege Escalation — Active Exploitation Confirmed

A local privilege escalation vulnerability in Microsoft Defender's Malware Protection Engine is under active exploitation. CVE-2026-41091 exploits improper symbolic link resolution

2026-06-08 CISA KEV

CVE-2023-23397: Zero-Click Outlook Vulnerability Enables Network Credential Theft Without User Interaction

CVE-2023-23397 is a critical privilege escalation vulnerability in Microsoft Outlook for Windows that allows attackers to steal NTLM authentication hashes without any user interact

2026-06-03 Patch Tuesday

June 2026 Patch Tuesday Analysis

Microsoft's June 2026 Patch Tuesday release contains no security patches. This is an exceptionally rare occurrence; months with zero patches are nearly unheard of in the modern era

2026-06-01 CISA KEV

VMware Aria Operations and Tools Privilege Escalation Now Exploited in the Wild: Root Access from Any Local User

A local privilege escalation vulnerability in VMware Aria Operations and VMware Tools is under active exploitation. CVE-2025-41244 allows any non-administrative user with local acc

2026-05-15 CISA KEV

Linux Kernel algif_aead Privilege Escalation Now Actively Exploited: Patch Immediately

A local privilege escalation vulnerability in the Linux kernel's cryptographic subsystem (algif_aead) is now under active exploitation. CVE-2026-31431 stems from an incorrect resou

2026-05-10

Dirty Frag: Linux Kernel ESP Decryption Flaw Enables Local Privilege Escalation to Root

A critical vulnerability in the Linux kernel's ESP (Encapsulating Security Payload) handling allows local attackers to escalate privileges to root. Tracked as CVE-2026-43284, the f

2026-05-03 CISA KEV

Your Firewall Is Part of Your Attack Surface

Three actively exploited Fortinet CVEs show why firewalls and VPN appliances are high-value targets, not just protective controls. A CVSS score does not tell you whether your perimeter device is already being scanned for exploitation.

2026-05-02 CISA KEV

The Nginx Management Interface Problem: Two Actively Exploited CVEs Enable Full Server Takeover

Two critical vulnerabilities in nginx-ui chain together for complete unauthenticated server takeover. Attackers are not going after nginx — they are going after the management tooling organizations layer on top of it.

2026-05-02

NGINX TLS Session Ticket Key Reuse Allows Client Certificate Authentication Bypass

CVE-2025-23419 is a vulnerability in F5 NGINX that allows attackers to bypass client certificate authentication when TLS session tickets are enabled across multiple virtual servers

2026-05-02 CISA KEV

Dirty COW (CVE-2016-5195): The Linux Kernel Race Condition That Refuses to Die

CVE-2016-5195, widely known as "Dirty COW," is a race condition vulnerability in the Linux kernel's memory subsystem that allows local privilege escalation to root. The flaw exists