#Patch Management
Chrome Zero-Day CVE-2026-11645 Enters KEV After Google Ships Emergency V8 Patch
Chrome Zero-Day CVE-2026-11645 Enters KEV After Google Ships Emergency V8 Patch Google has patched an actively exploited [zero-day](https://invaders.ie/resource...
Lucas Oliveira
Research
Unfixed Gogs flaw can turn pull requests into server-side RCE
Unfixed Gogs flaw can turn pull requests into server-side RCE A newly disclosed Gogs bug matters because it blurs the line between "authenticated" and "practica...
Lucas Oliveira
Research
Palo Alto GlobalProtect auth bypass turns cookie trust into VPN access risk
Palo Alto GlobalProtect auth bypass turns cookie trust into VPN access risk CVE-2026-0257 matters because it turns a trust shortcut on the VPN edge into an iden...
Lucas Oliveira
Research
FortiClient EMS exploit turns endpoint management into credential theft at scale
FortiClient EMS exploit turns endpoint management into credential theft at scale CVE-2026-35616 matters because it breaks a security assumption many teams quiet...
Lucas Oliveira
Research
CVE-2026-48172 puts LiteSpeed cPanel deployments on a KEV deadline
CVE-2026-48172 puts LiteSpeed cPanel deployments on a KEV deadline CVE-2026-48172 has escalated from vendor emergency to federal patching priority. On May 26, 2...
Lucas Oliveira
Research
Microsoft MDASH surfaces 16 Windows network flaws defenders should patch first
Microsoft MDASH surfaces 16 Windows network flaws defenders should patch first Microsoft's May 12, 2026 security disclosures included a point that deserves more...
Lucas Oliveira
Research
CVE-2026-31431: Copy Fail turns routine Linux access into reliable root compromise
CVE-2026-31431: Copy Fail turns routine Linux access into reliable root compromise Copy Fail is the kind of Linux flaw defenders should not shrug off just becau...
Lucas Oliveira
Research
CVE-2026-33032 lets attackers take over exposed nginx-ui servers
CVE-2026-33032 lets attackers take over exposed nginx-ui servers CVE-2026-33032 is the kind of [vulnerability](https://invaders.ie/resources/glossary/vulnerabil...
Lucas Oliveira
Research
CISA KEV flags Quest KACE SMA auth bypass as a high-priority risk
CISA KEV flags Quest KACE SMA auth bypass as a high-priority risk CVE-2025-32975 is the kind of issue defenders should triage quickly because it affects a manag...
Lucas Oliveira
Research
Critical protobuf.js flaw turns untrusted schemas into JavaScript code execution
Critical protobuf.js flaw turns untrusted schemas into JavaScript code execution A newly disclosed protobuf.js issue deserves attention well beyond the JavaScri...
Lucas Oliveira
Research
Leaked Windows Defender zero-days are already being used to gain SYSTEM access
Leaked Windows Defender zero-days are already being used to gain SYSTEM access A fast-moving Windows story matters to defenders this week for a simple reason: p...
Lucas Oliveira
Research
CVE-2026-5194 weakens wolfSSL certificate trust in embedded deployments
CVE-2026-5194 weakens wolfSSL certificate trust in embedded deployments CVE-2026-5194 is a reminder that core cryptographic libraries can create outsized enterp...
Lucas Oliveira
Research