Tag: informationsecurity

Week 27 – Impact Zone: RoguePlanet Crashes into Microsoft Defender

29 June – 05 July 2026 One of the most discussed security issues in weeks is CVE-2026-50656, also known as RoguePlanet, an Elevation of Privilege (EoP) vulnerability affecting the Microsoft Malware Protection Engine used by Microsoft Defender. It was eventually assigned a CVE ID, so 

Week 26 – Today’s offer: SSRF with root access

22 – 28 June 2026 In this week’s CVE of The Week, we’ll be looking at a newly exploited, high-severity server-side request forgery (SSRF) vulnerability, in Cisco Unified Communications Manager Server. Tracked as CVE-2026-20230 (CVSS score: 8.6), is a case of improper input validation for 

Week 25 – Caught in the Web: ShinyHunters Spins a MeshCentral Trap for PeopleSoft

15 – 21 June 2026 Critical vulnerability has been found with the CVSS score of 9.8 in CVE-2026-35273. Our CVE of the Week is about PeopleSoft which is a comprehensive Enterprise Resource Planning (ERP) software suite owned by Oracle Corporation. PeopleSoft helps large organizations manage 

Week 24 – The Gateway That Let Attackers In

08 – 14 June 2026 This week’s CVE of the Week highlights an unauthenticated remote code execution vulnerability in Ivanti Sentry, CVE-2026-10520. Ivanti Sentry is an in-line gateway that manages, encrypts, and secures traffic between the mobile device and back-end enterprise systems. It’s a security 

Week 23 – Exchange Servers at Risk: Active Exploitation

01 – 07 June 2026 A newly discovered vulnerability in Microsoft Exchange is currently being actively exploited by attackers. The issue, identified as CVE-2026-42897, this week’s CVE of the Week, affects the Outlook Web Access (OWA) component and is caused by improper input validation, leading 

Week 22 – Click here to fix!

25 – 31 May 2026 CVE-2026-26980 is a critical SQL Injection vulnerability affecting Ghost CMS, a popular Node.js-based content management platform. In this week’s CVE of the Week we’ll be looking at CVE-2026-26980 critical vulnerability with a CVSS score of 9.4. The flaw allows unauthenticated 

Week 21 – Cisco SD-WAN: Peers Only… Or Not

Cisco Catalyst SD-WAN Controller has maximum severity flaw, attacker could log in as internal, high-prilvileged. non-root user.

Week 20 – Windows Netlogon spill

11 – 17 May 2026 This week’s spotlight is on CVE‑2026‑41089, a critical stack‑based buffer overflow in the Windows Netlogon service that allows remote, unauthenticated code execution on domain controllers. The issue stems from a stack‑based buffer overflow triggered during the processing of specific Netlogon 

Week 19 – Shield Down: Critical PAN-OS Flaw Exposed

04 – 10 May 2026 Our CVE of the Week is about PAN-OS, which is the specialized operating system that powers all Palo Alto Networks next-generation firewalls (physical, virtual, and cloud). It provides complete visibility and control over network traffic by identifying users, applications, and 

Week 18 – Behind the Mask: SharePoint Spoofing in the Wild

27 Apr – 03 May 2026 In this week’s CVE of the Week we’ll be looking CVE-2025-32201, a spoofing vulnerability in Microsoft SharePoint Server caused by improper input validation, with a CVSS score of 6.5 It allows a remote, unauthenticated attacker to impersonate trusted users