Vulnerabilities & Patching

Patch Alert: Wing FTP Exploited, Two Patch Tuesday Zero-Days, and a D-Link RCE That Doesn't Need a Login

John Z Black Mar 17, 2026

Vulnerabilities & Patching #vulnerabilities #cisa #kev #wing-ftp #patch-tuesday #dlink #rce #patching

Three vulnerability disclosures in one week across different parts of the stack. Wing FTP is actively exploited, March Patch Tuesday dropped two zero-days, and D-Link has an unauthenticated RCE in its DNS config.

Google Paid Nearly $17 Million in Bug Bounties Last Year. What That Number Actually Tells Us.

John Z Black Mar 16, 2026

Vulnerabilities & Patching #bug-bounty #google #vulnerability-management #security-economics #exploit-market

Google's record $17 million in bug bounties sounds huge. Then you look at the exploit broker market, where a single iOS chain sells for $2.5 million, and the math gets interesting.

Two Vulnerabilities, Two Patches, One Message: Critical Enterprise Flaws Need Immediate Attention

John Z Black Mar 15, 2026

Vulnerabilities & Patching #patch-management #microsoft #windows-11 #hpe #aruba #enterprise-security #rce #vulnerability

Microsoft shipped an emergency out-of-band RRAS patch days after Patch Tuesday. HPE has a switch vulnerability that lets attackers reset admin passwords with zero credentials. Both need patching now.