Suriq - Always on Watch


Practitioner cybersecurity analysis from the Suriq desk.
What to patch, what to detect, and why it matters, in plain English.

Managed security built on Wazuh. suriq.io

#Cyber #ThreatDetection #CVE #CISA #Cybersecurity


One seizure, two devices. The locked iPhone was read end to end. The encrypted MacBook beside it gave up nothing.

The difference was encryption state when each was grabbed, not the lock screen.

The defender lesson for any device that can be seized:

https://suriq.io/blog/cellebrite-seized-device-encryption-lesson

#infosec #cybersecurity

@RoganDawes you’ve got a point: while that page is still cached, a read would pull the tampered bytes and catch it. Thing is, the kernel never marks it dirty, so it’s treated as “clean” and can get dropped any time without ever touching disk, and the next read just grabs the fresh copy back.
The scanner only runs every so often, so it pretty much never catches that page while it’s still sitting there poisoned.

@RoganDawes Yeah… the scanner’s not broken. The file on disk really is untouched; that’s the trick. The tampering happens in memory, in the copy that actually runs.
So the disk looks clean because it is clean, and the hash check is just looking in the wrong place.

🔴 EXPLOITED

Your file-integrity monitor is green. /bin/su was just rewritten anyway.

Linux kernel root bugs (DirtyClone, pedit COW) edit binaries in memory only. The disk file never changes.

Run multi-tenant Linux? Patch and disable unprivileged user namespaces.

https://suriq.io/blog/dirtyclone-linux-page-cache-privesc

#CVE #Linux #infosec #cybersecurity
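The check the two @RoganDawes replies above describe, and the reason the post says a green file-integrity monitor proves nothing, as an added example (not Suriq's code and not from the linked write-up): read the binary twice, once through the page cache with a plain read() and once past it with O_DIRECT, and compare byte for byte. The first read sees the same pages a running process has mapped; the second sees the disk, which is all a hash-the-file FIM ever looks at. It assumes Linux, a filesystem that honours O_DIRECT (ext4/xfs do, tmpfs may refuse it) and 4096-byte alignment for direct I/O; the names compare_cache_to_disk and pcv_selftest are the example's own.

```c
/* pcache_vs_disk.c: does the page-cache copy of a file still match the disk copy?
 * Added example for this thread; not Suriq's code and not from the DirtyClone
 * write-up. Assumes Linux and a filesystem that honours O_DIRECT (tmpfs may not). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#if !defined(O_DIRECT) && defined(__aarch64__)
#define O_DIRECT 0200000 /* Linux ABI value; glibc hides it without _GNU_SOURCE */
#elif !defined(O_DIRECT)
#define O_DIRECT 040000
#endif

enum { PCV_MATCH = 0, PCV_MISMATCH = 1, PCV_ERROR = -1, PCV_UNSUPPORTED = -2 };
#define PCV_BLOCK 4096             /* alignment unit for O_DIRECT */
#define PCV_CHUNK (PCV_BLOCK * 16) /* bytes compared per iteration */

/* read() is served from the page cache (the pages a running process maps);
 * O_DIRECT bypasses the cache and returns what is on disk. On PCV_MISMATCH the
 * first differing offset is stored in *diff_at. */
int compare_cache_to_disk(const char *path, off_t *diff_at)
{
    int rc = PCV_ERROR;
    off_t off = 0;
    unsigned char *cached = NULL, *direct = NULL;
    int fd_cache = open(path, O_RDONLY | O_CLOEXEC);
    if (fd_cache < 0) return PCV_ERROR;
    int fd_direct = open(path, O_RDONLY | O_CLOEXEC | O_DIRECT);
    if (fd_direct < 0) {
        close(fd_cache);
        return errno == EINVAL ? PCV_UNSUPPORTED : PCV_ERROR;
    }
    /* O_DIRECT needs buffer, offset and length block-aligned; off only ever
     * advances by whole chunks, so all three stay aligned. */
    if (posix_memalign((void **)&direct, PCV_BLOCK, PCV_CHUNK) != 0 ||
        (cached = malloc(PCV_CHUNK)) == NULL) goto out;
    for (;;) {
        ssize_t nc = pread(fd_cache, cached, PCV_CHUNK, off);
        ssize_t nd = pread(fd_direct, direct, PCV_CHUNK, off);
        if (nd < 0 && errno == EINVAL) { rc = PCV_UNSUPPORTED; goto out; }
        if (nc < 0 || nd < 0) goto out;
        if (nc != nd) {            /* the two views disagree on length */
            if (diff_at) *diff_at = off + (nc < nd ? nc : nd);
            rc = PCV_MISMATCH;
            goto out;
        }
        for (ssize_t i = 0; i < nc; i++) {
            if (cached[i] != direct[i]) {
                if (diff_at) *diff_at = off + i;
                rc = PCV_MISMATCH;
                goto out;
            }
        }
        if (nc < PCV_CHUNK) break; /* regular file: short read means EOF */
        off += nc;
    }
    rc = PCV_MATCH;
out:
    free(cached); free(direct);
    close(fd_direct); close(fd_cache);
    return rc;
}

/* Sanity check on an untampered file: 2.5 blocks of a constructed pattern in a
 * temp file (so the last read is partial); on a healthy system the views agree. */
int pcv_selftest(void)
{
    char tmpl[] = "/tmp/pcv_selftest_XXXXXX";
    unsigned char pattern[PCV_BLOCK * 2 + PCV_BLOCK / 2];
    int fd = mkstemp(tmpl);
    if (fd < 0) return PCV_ERROR;
    for (size_t i = 0; i < sizeof pattern; i++)
        pattern[i] = (unsigned char)(i * 7 + 3);   /* constructed content */
    int ok = write(fd, pattern, sizeof pattern) == (ssize_t)sizeof pattern && fsync(fd) == 0;
    close(fd);
    int rc = ok ? compare_cache_to_disk(tmpl, NULL) : PCV_ERROR;
    unlink(tmpl);
    return rc;
}

int main(int argc, char **argv)
{
    int worst = argc < 2 ? 2 : 0;  /* exit 1 on any mismatch, 2 on usage error */
    for (int i = 1; i < argc; i++) {
        off_t at = -1;
        int rc = compare_cache_to_disk(argv[i], &at);
        if (rc == PCV_MISMATCH) {
            worst = 1;
            printf("%s: PAGE CACHE DIFFERS FROM DISK at offset %lld\n", argv[i], (long long)at);
        } else
            printf("%s: %s\n", argv[i], rc == PCV_MATCH ? "page cache matches disk" :
                   rc == PCV_UNSUPPORTED ? "O_DIRECT not supported here" : "read error");
    }
    return worst;
}
```

Build with cc -O2 -o pcache_vs_disk pcache_vs_disk.c and point it at the setuid binaries and shared objects you care about. A mismatch is worth an alert (re-run first to rule out a package upgrade writing the file at that moment); a match only says the page cache is clean right now. As the replies note, a poisoned page that is never marked dirty can be evicted at any moment, after which both reads agree again, so a periodic scan mostly misses it; that is why the fix is patching and disabling unprivileged user namespaces rather than a better scanner. It also only sees page-cache pages, not a process's private copy-on-write copy of a page.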

@Room4x3 Unfortunately, she already learned the hard way.

Starting a fresh Signal account won't save you here.

Russian intelligence is phishing users for one secret: the Backup Recovery Key that decrypts your whole message history. It never expires.

Never paste it to anyone.

https://suriq.io/blog/signal-recovery-key-phishing-russia

#Detection #Phishing #infosec #cybersecurity

A PDF feature can be turned into a window into your servers.

php-weasyprint (1.2M+ installs) fetched attacker-controlled URLs server-side. Cloud metadata and local files were both in reach.

Run it? Upgrade to 2.6.0. (CVE-2026-49359)

https://suriq.io/blog/php-weasyprint-ssrf-file-disclosure

#CVE #CloudSecurity #infosec #cybersecurity

🔴 EXPLOITED

Cisco Unified CM can be exploited to root.

But only if WebDialer is on, and it ships off by default. Check before you panic-patch.

The "active exploitation" so far is one source dropping a test file. (CVE-2026-20230)

https://suriq.io/blog/cisco-unified-cm-cve-2026-20230-exploited

#CVE #infosec #cybersecurity

A guest virtual machine can read its host's memory.

A patched flaw in libslirp, the networking QEMU uses by default in dev and CI, leaks gigabytes of host memory to a privileged guest.

Run QEMU VMs? Update libslirp to 4.9.2.

https://suriq.io/blog/qemu-libslirp-guest-reads-host-memory

#infosec #cybersecurity

🔴 EXPLOITED

Patched in May. Being exploited in June.

If you self-host UniFi OS Server, anyone who can reach its web page can get root with no login.

Update to 5.0.8 now and lock down who can reach it. (CVE-2026-34908/909/910)

https://suriq.io/blog/unifi-os-server-unauth-root-exploited

#CVE #CISAKEV #infosec #cybersecurity