Start with what matters now.
Track the current KEV landscape, jump into the newest year, and read analysis that explains why certain vendors and products keep getting hit.
BRIDGE:BREAK — 22 Vulnerabilities in Serial-to-Ethernet Converters Expose Critical Infrastructure
Forescout Vedere Labs' BRIDGE:BREAK research found 22 new vulnerabilities in Lantronix and Silex serial device servers — devices that bridge legacy serial control systems to IP networks across ICS, water treatment, and power grid environments. One reached the CISA KEV catalog as CVE-2025-67038 with a three-day remediation deadline.
Latest from 2026
CVE-2026-48558
SimpleHelp RMM — Unauthenticated OIDC Token Forgery Bypassing Authentication and MFA
CVSS 10
CVE-2026-34908
Ubiquiti UniFi OS — Authentication Bypass via URI Normalization Mismatch
CVSS 10
CVE-2026-34909
Ubiquiti UniFi OS — Path Traversal Enabling Signing Key Exfiltration (3-CVE Root RCE Chain)
CVSS 10
CVE-2026-34910
Ubiquiti UniFi OS — Command Injection at Package Update Endpoint (Unauthenticated Root RCE)
CVSS 10
CVE-2026-10520
Ivanti Sentry — Pre-Auth OS Command Injection via Unauthenticated MICS Configuration Endpoint
CVSS 10
CVE-2026-20182
Cisco Catalyst SD-WAN — Unauthenticated Remote Auth Bypass via vdaemon DTLS vHub Device-Type Confusion
CVSS 10
Browse by year
More reporting and context
The UniFi Root Chain — Three CVEs, One Unauthenticated Root RCE on 100,000 Exposed Appliances
CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 chain together to give an unauthenticated attacker root on any internet-exposed Ubiquiti UniFi OS appliance. Three separate researchers found three separate bugs; Bishop Fox showed how they connect into a single exploit. CISA added all three to KEV on June 23, 2026 — and patching alone may not be enough.
Defense Guide
GrapheneOS: A Hardened Android for High-Risk Users
Android zero-days in the CISA KEV catalog show that mobile devices are prime targets for sophisticated threat actors. GrapheneOS is a hardened Android distribution built for users who cannot afford to be compromised — journalists, activists, lawyers, and anyone facing a serious personal threat model.
Threat Cluster
Attacking the Defenders: The Persistent Pattern of AV and EDR Products in CISA KEV
18 KEV entries across Microsoft Defender, Trend Micro Apex One/OfficeScan, McAfee, and Sophos from 2019 to 2026 reveal three recurring attack patterns: exploit the scan engine, compromise the management console, and blind-then-escalate. The structural reasons keep repeating.
Defense Guide
Upgrade to OpenSSH 10.3 on Client and Server for Post-Quantum SSH
Upgrade-focused SSH post-quantum rollout guide targeting OpenSSH 10.3 on both client and server.
Defense Guide
SSH Keys and Jump Servers: A Beginner's Guide to Doing It Right
Copying your private SSH key onto a jump server is a common mistake that turns any local privilege escalation — like CVE-2026-31431 — into a full breach of every host behind it. This guide explains what SSH keys are, why your private key must never leave the machine that generated it, and how to connect through a jump server without putting your key at risk.
Defense Guide
Hardening the Linux Kernel: Defense in Depth Against Privilege Escalation
Copy Fail demonstrated that Linux kernel privilege escalation flaws can sit undetected for nearly a decade. The Kernel Self Protection Project provides a systematic hardening baseline that raises the cost of exploitation across entire vulnerability classes — not just individual CVEs.
Education
Landmark CVEs: Seventeen Vulnerabilities That Defined a Decade of Security
From Shellshock to MOVEit, seventeen named vulnerabilities tell the same story over and over: a forgotten service, a trusted dependency, a perimeter device, or a broken authentication assumption becomes the way in. This is a guide for anyone new to cybersecurity who wants to understand what real attacks look like and why they keep succeeding.
Threat Cluster
The WAN Control Plane as a Target: Cisco SD-WAN and the UAT-8616 Campaign (2023–2026)
Five CVEs across two exploitation waves — a CVSS 10.0 zero-day active since 2023, a re-weaponised four-year-old privilege escalation, and a three-CVE zero-credential-to-admin chain added with a three-day CISA deadline — document an adversary with protocol-level knowledge of Cisco SD-WAN systematically compromising enterprise WAN management planes.
Threat Cluster
Zimbra's Persistent XSS Problem: Nation-State Actors and the Classic UI (2022–2026)
Seven Zimbra XSS CVEs across four years — all hitting the same Classic UI HTML sanitizer — exploited by Greek, Belarusian, Russian, Vietnamese, and Pakistani nation-state actors for email intelligence collection. Why the vulnerability keeps recurring, and what the exploitation pattern reveals about webmail as intelligence infrastructure.
Threat Cluster
Why Ivanti EPMM and EPM Became a Persistent Exploitation Target (2023–2026)
Seventeen Ivanti CVEs across EPMM, EPM, EPM CSA, and Sentry — plus sustained parallel exploitation in Fortinet FortiClient EMS and LANSCOPE endpoint management platforms — show a management-plane attack pattern spanning six years.