| Website | caitlincondon.com |
After 2+ weeks of semi-painful exploit development, @yeslikethefood and team have a full RCA out for Cisco Secure Firewall Management Center (FMC) CVE-2026-20079.
The bug is a CVSS 10, but there are significant prerequisites that may limit exploitability in real-world scenarios. There are between 300 and 700 FMC systems on the public internet as of today.
https://www.vulncheck.com/blog/cisco-fmc-auth-bypass-cve-2026-20079
I'm terrible at social media these days, but our research team put out a pretty neat report on #EOL network edge devices, who's exploiting them, and why they get missed sometimes in more "enterprise"-focused threat intel lists.
Full report via VulnCheck researcher Patrick Garrity: https://wwv.vulncheck.com/2026-network-edge-device-report
A ton of new research out today from the VulnCheck crew 📈
We just released our 2026 Exploit Intelligence Report, which has in-depth analysis of the public exploit ecosystem, various critical CVE timelines, threat actor and botnet deep dives, and plenty more!
https://wwv.vulncheck.com/2026-vulncheck-exploit-intelligence-report
...but what I expect most folks will focus on (because everyone loves a list) is our new annual list of Routinely Targeted Vulnerabilities, which we're releasing to the public along with select metadata here: https://www.vulncheck.com/2025-routinely-targeted-vulnerabilities
We're also doing a webcast on the windfall of recent research from our team TODAY! https://wwv.vulncheck.com/in-the-wild-with-vulncheck-webinar-series
Our team wrote about in-the-wild exploitation of React Metro Server CVE-2025-11953, which VulnCheck's Canary Intelligence network detected for the first time in December 2025.
VulnCheck observed in-the-wild exploitation of CVE-2025-11953 targeting exposed React Native Metro servers shortly after public disclosure. Analysis of repeated attacks shows consistent, operational payload delivery rather than opportunistic scanning. This post examines how the vulnerability was exploited and why early exploitation visibility matters for defenders.
The VulnCheck research team found an unauth RCE vuln in SmarterMail that at least three other researchers discovered independently. VulnCheck canaries are also detecting in-the-wild exploitation of CVE-2026-24423. Lots of sudden attention on this software from researchers and adversaries.
https://www.vulncheck.com/blog/smartermail-connecttohub-rce-cve-2026-24423
A friend sent me this Covid Policy Statement (from a church in Vancouver, Canada) and I feel so seen that I'm in tears. It's well written and relatively comprehensive. It is also an astonishing example of care and compassion combined with science to inform an approach to covid.
I'm sharing it here for the many Fedi friends who may be heartened by it or find it useful.
https://www.stmargaretscedarcottage.ca/why-are-we-still-masking.html
#CovidIsNotOver #PandemicIsNotOver #LonelinessCorps #Covid19 #Covid
poptart
Shaula Evans