SmarterMail auth bypass is now in active ransomware playbooks. One unauthenticated request = full server takeover.
Also in today's brief: Juniper PTX root RCE and Trend Micro Apex One critical flaws.
All three CVSS 9.8. All three need patching now.
๐จ CVSS 10.0 โ Cisco SD-WAN zero-day
No credentials needed. One request = full admin on your SD-WAN fabric.
Exploited since 2023. All deployments affected.
Patch now. Restrict NETCONF access. Check logs back to 2023.
CVE-2026-20127 #CiscoSecurity #infosec #blueteam
Full brief โ link in bio
Your kid just explained encryption policy better than most politicians ever will. Protect that child at all costs. ๐
The threat evolves, the panic stays the same. Infosec pros don't fear the tech, we fear the humans who'll misconfigure it. ๐
๐จ CISA just added FileZen CVE-2026-25108 to the KEV catalog. Command injection via HTTP after login, actively exploited and linked to ransomware in Japan.
If you run FileZen v5.0.0-5.0.10, patch to v5.0.11 now.
Full brief + 2 more threats โ link in bio
Orca just disclosed "RoguePilot" hidden instructions in a GitHub Issue silently hijack Copilot when a dev opens a Codespace. No click. Full repo takeover. Patched now but the real issue: AI agents can't tell trusted input from an attack. Prompt injection is the new supply chain threat.
๐จ Fake Zoom "update" emails silently installing surveillance malware. Keylogging, screen recording, file access, everything.
Looks legit. Runs silent.
Zoom NEVER updates via email. Only through the app.
Full brief + 2 more threats โ link in bio
