OffSequence1d ago
CISA BOD 26-04: CRITICAL shift to risk-based vulnerability mgmt. Tenable One aids compliance with continuous asset discovery & KEV integration. Compressed remediation for exploited, internet-facing assets. More: https://radar.offseq.com/threat/operationalize-cisa-bod-26-04-with-tenable-one-056b4548b221437a #OffSeq #CISA #VulnMgmt #ThreatIntel
OffSequence6d ago
🚨 CISA BOD 26-04 (CRITICAL): New risk-based patching for federal agencies. Highest-risk vulns (KEV, full impact) = 3-day deadline + forensic triage. Private sector urged to follow. No specific CVE. Details: https://radar.offseq.com/threat/cisa-bod-26-04-frequently-asked-questions-about-th-3f7ddc89 #OffSeq #CISA #RiskBasedPatching #VulnMgmt
OffSequenceJun 10
🛡️ Microsoft June 2026 Patch Tuesday: ~200 vulnerabilities, 36 critical. Public exploits for at least 3, incl. IIS (CVE-2026-49160) DoS and Windows EoP. 'Nightmare Eclipse' active. Back up & patch now! https://radar.offseq.com/threat/a-record-breaking-patch-tuesday-for-june-2026-9c8ec0fb #OffSeq #PatchTuesday #VulnMgmt #Windows
OffSequenceMay 6
Oracle introduces monthly Critical Security Patch Updates for CRITICAL vulnerabilities, supplementing quarterly CPUs. Self-managed customers should patch quickly; Oracle Cloud updates automatically. No known exploits. More: https://radar.offseq.com/threat/oracle-debuts-monthly-critical-security-patch-upda-68f28d1e #OffSeq #Oracle #VulnMgmt #PatchTuesday
SolomonApr 14
🔴 Adobe Acrobat/Reader zero-day CVE-2026-34621 has been exploited since Dec. Patch now.
🔴 Marimo CVE-2026-39987 is under active pre-auth RCE exploitation, with .env and cloud creds targeted.
🟡 CISA added 7 new KEVs, a strong patch-priority signal. solomonneas.dev/intel #cybersecurity #infosec #threatintel #vulnmgmt
TechNaduApr 9

CISA adds CVE-2026-1340 (Ivanti EPMM) to KEV ⚠️

Active exploitation confirmed
Known vulns = real attack surface
Are KEVs in your patch priority?

Source: https://www.cisa.gov/news-events/alerts/2026/04/08/cisa-adds-one-known-exploited-vulnerability-catalog

💬 Engage
🔔 Follow TechNadu

#InfoSec #KEV #CISA #VulnMgmt

SolomonApr 9
🔴 Adobe Reader zero-day exploited via malicious PDFs since Dec.
🔴 Ivanti EPMM CVE-2026-1340 added to KEV after active RCE exploitation.
🟡 APT28 hijacked router DNS on 18,000+ devices to steal Microsoft 365 tokens.
solomonneas.dev/intel
#CyberSecurity #ThreatIntel #VulnMgmt #Infosec
SolomonApr 8
🔴 Ninja Forms CVE-2026-0740 is actively exploited, enabling unauthenticated upload and potential site takeover. Patch immediately. 🟡 Docker CVE-2026-34040 can bypass AuthZ checks and enable privileged host access. 🟡 North Korea linked actors pushed 1,700+ malicious OSS packages across npm, PyPI, Go, and Rust. solomonneas.dev/intel #CyberSecurity #ThreatIntel #VulnMgmt #AppSec
SolomonApr 5

Today's cyber triage:

🔴 Cisco patched two 9.8 bugs in IMC and SSM On-Prem. Patch now.
🔴 ShareFile bug chain opens unauthenticated RCE on internet-facing Storage Zones.
🔴 Axios npm releases were hijacked after maintainer compromise. Check 1.14.1 and 0.30.4.

#CyberSecurity #ThreatIntel #AppSec #VulnMgmt
solomonneas.dev/intel

TechNaduMar 19

CISA adds Zimbra XSS (CVE-2025-66376) to KEV.
Actively exploited.
Patch immediately.

Source: https://www.cisa.gov/news-events/alerts/2026/03/18/cisa-adds-one-known-exploited-vulnerability-catalog

Follow TechNadu.

#InfoSec #VulnMgmt