soc

CVE-2026-20253: CISA Warns of Actively Exploited Splunk Enterprise RCE Splunk Enterprise admins should prioritize patching CVE-2026-20253, a critical vulnerability that allows a network-reachable, unauthenticated attacker to create or truncate arbitrary files on the Splunk server. Under certain conditions, this can be chained into remote code execution (RCE), making exposure the main risk driver. CISA has […]

F5 has released out-of-band security updates to address multiple NGINX Vulnerabilities, including CVE-2026-42530, a critical issue in the ngx_http_v3_module that can be exploited by a remote, unauthenticated attacker. The flaw is a use-after-free condition in NGINX’s HTTP/3 implementation that can cause worker-process restarts and denial of service, and in environments where ASLR is disabled or […]

FortiBleed: Everything You Need to Know This is a developing story. Figures and findings are updated as the investigation continues. 1. What is FortiBleed? FortiBleed is an active, large-scale credential theft campaign targeting internet-exposed Fortinet FortiGate firewalls and SSL VPN gateways. The same threat actor has also been observed targeting FortiWeb and MSSQL services as […]

CVE-2026-42530 & CVE-2026-42055: F5 Patches NGINX Vulnerabilities F5 has released out-of-band security updates for two NGINX vulnerabilities that can affect exposed web infrastructure: CVE-2026-42530 and CVE-2026-42055. The first issue affects NGINX’s HTTP/3 QUIC handling. The second affects specific HTTP/2 and gRPC proxying configurations. Both can be triggered remotely and may cause NGINX worker processes to […]