Security Feed
Curated advisories, threat briefs & field intel — attributed, dated & severity-tagged. Kept deliberately separate from my own writing.
1. Executive summary: Oracle's June 2026 Critical Security Patch Update (CSPU) addresses 243 CVEs across 245 patches in 11 product families, with
1. Executive summary: ESET has disclosed a portfolio of EDR-killer tools used by the ransomware-as-a-service (RaaS) operation "Gentlemen,"
1. Executive summary: Microsoft Threat Intelligence has documented a Windows-based cryptocurrency clipper ("CryptoBandits") active since February 2026 that propagates via malicious
1. Executive summary: A path traversal vulnerability (CVE-2026-55201, High severity, status: Unreviewed) has been disclosed in Evil-WinRM through version 3.9,
1. Executive summary: A threat actor has compiled a verified database of working credentials for approximately 75,000 Fortinet / FortiGate firewall devices spanning 21,
1. Executive summary: A data leak dubbed "FortiBleed" has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials
1. Executive summary: F5 has released out-of-band security updates addressing multiple vulnerabilities in NGINX, NGINX Plus, and NGINX Gateway Fabric. The two
1. Executive summary: A server-side request forgery (SSRF) vulnerability exists in Open WebUI's OAuth profile-picture handling that allows an attacker
1. Executive summary: Cisco has amended its February 2026 advisory for CVE-2026-20127 (CVSS 10.0, improper authentication) to add Cisco Catalyst SD-
1. Executive summary: DragonForce ransomware operators have been observed deploying a custom Go-based remote access trojan (RAT) dubbed Backdoor.Turn that tunnels command-
1. Executive summary: A multi-stage malware campaign delivers the Remcos remote access trojan (RAT) to Windows endpoints via a malicious ZIP archive containing
1. Executive summary: Unit 42 has disclosed a vulnerability in the Google Cloud Vertex AI Python SDK (google-cloud-aiplatform) that allows an attacker