| Website | https://www.crowdsec.net/ |
| GitHub | https://github.com/crowdsecurity/crowdsec |
| Discord | https://www.discord.gg/crowdsec |
| https://www.linkedin.com/company/53443483 |
🚨 In this week’s newsletter, we cover CVE-2026-20253, a critical authentication bypass vulnerability in Splunk Enterprise and Splunk Cloud Platform now in early exploitation.
We break down how attackers can abuse an unauthenticated PostgreSQL sidecar service endpoint to perform unauthorized file operations and what defenders should do next.
Read the full analysis and protect your systems 👉 https://www.crowdsec.net/vulntracking-report/cve-2026-20253-splunk-authentication-bypass
Not every CVE deserves the same level of attention.
The real question is: which ones are attackers actually exploiting?
Our latest report looks at real-world exploitation patterns 👇
https://www.crowdsec.net/vulnerability-exploitation-report
CVSS tells you what could happen.
Live exploitation tells you what is happening.
That's the thinking behind CISA's new BOD 26-04—and why exploitation intelligence matters more than ever.
https://www.crowdsec.net/blog/cisa-bod-26-04-live-exploit-tracker
🚨 In this week’s newsletter, we cover CVE-2026-10520, a critical pre-authentication OS command injection vulnerability in Ivanti Sentry now under active exploitation. We break down how attackers can achieve root-level remote code execution without valid credentials and what defenders should do next.
Read the full analysis and protect your systems 👉 https://www.crowdsec.net/vulntracking-report/cve-2026-10520-ivanti-sentry-os-command-injection
OWASP CRS is powerful.
But static rules alone can’t keep up with evolving attacks.
Combine it with CrowdSec’s real-time threat intelligence for stronger protection 👇
https://www.crowdsec.net/blog/protecting-your-web-applications-with-owasp-crs-and-crowdsec
🚨 In this week’s newsletter, we cover CVE-2026-8181, a critical authentication bypass vulnerability in the WordPress Burst Statistics plugin now under active exploitation.
We break down how attackers can obtain administrative privileges without valid credentials and what defenders should do next.
Read the full analysis and protect your systems 👉 https://www.crowdsec.net/vulntracking-report/cve-2026-8181-wordpress-burst-statistics-authentication-bypass
đź‘€ What's being cooked at CrowdSec?
Your WAF already knows *what* requests are doing.
What if it could also help answer *who* is behind them?
More soon!
⚠️ CVE tells you a vulnerability exists.
CVSS tells you its theoretical severity.
KEV tells you it has already been exploited.
But what tells you what's being exploited right now?
Our latest report explores the missing link: real-world exploitation telemetry.
đź“Ą https://www.crowdsec.net/vulnerability-exploitation-report
🔍 A suspicious IP alone doesn’t tell you much.
The context around it does.
Attack history, targeted services, observed behaviors, confidence signals — that’s what helps analysts decide what actually matters.
Try investigating your latest suspicious IP 👇
https://app.crowdsec.net/cti
🚨 In this week’s newsletter, we cover CVE-2026-9082, a Drupal JSON: API SQL injection vulnerability now under active exploitation.
We break down how attackers are targeting exposed /jsonapi/ endpoints and what defenders should do next.
Read the full analysis and protect your systems 👉 https://www.crowdsec.net/vulntracking-report/cve-2026-9082-drupal-jsonapi-sql-injection
