Region: global
All items tagged global.
- CVE-2026-5787 / CVE-2026-6973 — Ivanti EPMM pre-auth certificate impersonation → admin RCE (CISA KEV deadline **2026-05-10**)
- CVE-2026-32202 — Windows Shell NTLM coercion / credential capture, APT28 active against EU governments (CISA KEV deadline **2026-05-12**)
- CVE-2026-5787 — Ivanti EPMM improper certificate validation (pre-auth Sentry impersonation, CVSS 9.1)
- CVE-2026-6973 — Ivanti EPMM admin API improper input validation → RCE (CVSS 7.2, CISA KEV deadline 2026-05-10)
- CVE-2026-32202 — Windows Shell NTLM coercion, APT28 ITW (CVSS 4.3, CISA KEV deadline 2026-05-12)
- Dragos 2025 OT Cybersecurity Year in Review: 81% of IR engagements found flat IT/OT network architecture
- Kaspersky Q1 2026 Exploits and Vulnerabilities Report: document-based exploits resurge; RaaS acquires zero-days
- Amazon SES weaponised for authenticated phishing and BEC (Kaspersky, 2026-05-04, ~96 h)
- UPDATE — CVE-2026-0300 (PAN-OS Captive Portal unauthenticated root RCE): CISA KEV deadline is **today (2026-05-09)**; no patch until 2026-05-13