It's a day ending in "y", which means I'm #hiring senior exploit developers around Cheltenham, UK. If you're based near Cheltenham and love RCE exploits, hit me up!

[Must be within reasonable distance of Cheltenham. No relocation, no sponsorship, sorry!]

https://job-boards.greenhouse.io/vulncheck/jobs/4009149009

After 2+ weeks of semi-painful exploit development, @yeslikethefood and team have a full RCA out for Cisco Secure Firewall Management Center (FMC) CVE-2026-20079.

The bug is a CVSS 10, but there are significant prerequisites that may limit exploitability in real-world scenarios. There are between 300 and 700 FMC systems on the public internet as of today.

https://www.vulncheck.com/blog/cisco-fmc-auth-bypass-cve-2026-20079

I'm terrible at social media these days, but our research team put out a pretty neat report on #EOL network edge devices, who's exploiting them, and why they get missed sometimes in more "enterprise"-focused threat intel lists.

Full report via VulnCheck researcher Patrick Garrity: https://wwv.vulncheck.com/2026-network-edge-device-report

A ton of new research out today from the VulnCheck crew 📈

We just released our 2026 Exploit Intelligence Report, which has in-depth analysis of the public exploit ecosystem, various critical CVE timelines, threat actor and botnet deep dives, and plenty more!

https://wwv.vulncheck.com/2026-vulncheck-exploit-intelligence-report

...but what I expect most folks will focus on (because everyone loves a list) is our new annual list of Routinely Targeted Vulnerabilities, which we're releasing to the public along with select metadata here: https://www.vulncheck.com/2025-routinely-targeted-vulnerabilities

We're also doing a webcast on the windfall of recent research from our team TODAY! https://wwv.vulncheck.com/in-the-wild-with-vulncheck-webinar-series