Quick Summary This report covers the following active vulnerabilities: Ghost CMS – CVE-2026-26980: SQL injection, mass exploitation of 700+ websites KnowledgeDeliver LMS – CVE-2026-5426: ViewState … Read More
Threat Intelligence Brief — May 25, 2026 Coverage: May 24–25, 2026 Previous reports: May 23, 2026 | May 22, 2026 | May 21, 2026 New … Read More
Threat Intelligence Brief — May 23, 2026 Coverage: May 22–23, 2026 | New CVEs this report: 7 | New supply chain incidents: 2 Previous reports: … Read More
Threat Intelligence Brief — May 22, 2026 Coverage: May 21-22, 2026 | New CVEs this report: 9 | Updated entries from previous report: 3 Previous … Read More
🔴 CVE-2026-41091 — Microsoft Defender Privilege Escalation (Actively Exploited) CVE CVE-2026-41091 | CVSS 7.8 HIGH | CWE-59 | CISA KEV — Due 2026-06-03 Fixable? ✅ … Read More
One thing I often miss in security is to see the relationship between the security program x business and the security program x IT. Currently, … Read More
I think we need to think more specifically and explicitly about security program maturity and effectiveness. So how does that work? This diagram highlights the … Read More
We’ve updated the CISO Security Mind Map for 2026, continuing in the yearly updates since 2023. Here it is (click to magnify): The top challenges … Read More
This article discusses the OWASP Top 10 2025 update. There’s a hard truth that usually shows up after a few years of production work, or … Read More
In this article we look at the CIS Critical Security Controls (CIS controls), and how they can help to provide security focus for your company … Read More
