soc

Progress ShareFile Flaws CVE-2026-2699 & CVE-2026-2701 RCE A newly disclosed Progress ShareFile pre-auth RCE chain is drawing attention after researchers showed how CVE-2026-2699 and CVE-2026-2701 can be combined to compromise exposed Storage Zones Controller 5.x servers. The issue affects customer-managed ShareFile deployments that rely on the older 5.x branch, not every ShareFile environment. watchTowr publicly […]

CVE-2026-20093: Critical Cisco IMC Flaw Allows Unauthenticated Admin Access to UCS Servers CVE-2026-20093, is an authentication bypass flaw found in the change password functionality of Cisco Integrated Management Controller (IMC). It could allow an unauthenticated, remote attacker to bypass authentication mechanisms and gain unauthorized access to the system with Administrator privileges. What Is CVE-2026-20093? CVE-2026-20093 […]

CVE-2026-5281: Chrome WebGPU Zero-Day Exploited In The Wild Google patched CVE-2026-5281, a high-severity use-after-free (CWE-416) vulnerability in Dawn, Chromium’s WebGPU implementation. The company has confirmed exploitation in the wild, and CISA added it to the Known Exploited Vulnerabilities (KEV) catalog with a remediation deadline for federal agencies. This post breaks down what CVE-2026-5281 is, who […]

BLACKNET-00: The Ransomware-as-a-Service Platform That Weaponizes Mediocrity How a Custom Ransomware Builder Collapses the Technical Barrier Between Script Kiddies and Enterprise-Grade Ransomware Operations Executive Summary A threat actor named Infrastructure Destruction Squad announced BLACKNET-00 via Telegram, a fully GUI-driven ransomware builder that requires zero programming knowledge to operate. Featuring layered encryption (AES-256, RSA, ChaCha20), a […]

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.  CVE-2026-3502 TrueConf Client Download of Code Without Integrity Check Vulnerability  This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.  Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited […]