enterprise-security

Ivanti Just Got Its 33rd CISA Exploited Vulnerability Entry

John Z Black Apr 11, 2026

Vulnerabilities & Patching #ivanti #epmm #cisa-kev #cve-2026-1340 #patch #enterprise-security

CVE-2026-1340 is a pre-auth RCE in Ivanti EPMM, CVSS 9.8, exploited since January. It's the 33rd Ivanti entry on the CISA KEV catalog. At some point that number has to become a procurement conversation.

Thirty Seconds. That Is All FAUX#ELEVATE Needs to Own an Enterprise Machine.

John Z Black Mar 30, 2026

Threat Intelligence #phishing #fauxelevate #vbscript #enterprise-security #credential-theft #cryptominer #hr-security

FAUX#ELEVATE skips consumer targets entirely, checks for corporate domain membership first, then steals Chrome credentials and starts mining Monero in about 30 seconds.

Google Says Q Day Is 2029. Three Billion Android Devices Are Already Changing.

John Z Black Mar 27, 2026

Security Operations & Resilience #post-quantum #cryptography #quantum-computing #android #enterprise-security #pqc #rsa

Google moved its internal Q Day deadline to 2029. Android 17 is already being rebuilt around post-quantum standards. If you're waiting on this, you're already late.

340+ Organizations Hit by M365 Phishing That Bypasses MFA Without Touching Your Password

John Z Black Mar 26, 2026

Threat Intelligence #phishing #microsoft-365 #oauth #mfa-bypass #enterprise-security

A device code OAuth phishing campaign has compromised 340+ organizations since February 2026, bypassing MFA and surviving password resets. It's still running.

Citrix Patches CVE-2026-3055 in NetScaler: A 9.3 Memory Flaw That Looks a Lot Like CitrixBleed

John Z Black Mar 26, 2026

Vulnerabilities & Patching #citrix #netscaler #cve-2026-3055 #patching #enterprise-security #vulnerability

Citrix patched a CVSS 9.3 unauthenticated memory read in NetScaler ADC and Gateway that can leak session tokens. No active exploitation yet, but the history of CitrixBleed says don't wait.

Agentic AI Just Had Its First Major Enterprise Data Breach — and the Attacker Was the AI

John Z Black Mar 22, 2026

AI Security #agentic-ai #mcp #owasp #meta #ai-security #prompt-injection #enterprise-security

A Meta AI agent followed its instructions and caused a major internal data leak. Combined with the new OWASP MCP Top 10, this is the clearest real-world picture yet of what agentic AI security failures actually look like.

Patch Weekend Is Here: Why Oracle IAM and Cisco FMC Can't Wait

John Z Black Mar 21, 2026

Vulnerabilities & Patching #oracle #cisco #cisa #patching #identity-manager #rce #kev #enterprise-security

Oracle pushed an emergency out-of-band patch for a critical identity manager RCE. CISA set a Sunday deadline on a max-severity Cisco firewall management flaw. Both hit identity and perimeter management simultaneously.

DarkSword Spread Beyond One Campaign. Mobile Risk Has to Follow.

John Z Black Mar 19, 2026

Threat Intelligence #darksword #ios #mobile-exploitation #threat-intelligence #enterprise-security #high-risk-users #incident-response

Google threat intelligence ties DarkSword-linked iOS exploitation to a broader actor picture than earlier reporting suggested. The bigger signal isn't the exploit chain. It's that the capability is spreading across actors and channels.

Robots Are Moving Into Sensitive Environments. Security Gets Decided at Procurement.

John Z Black Mar 19, 2026

Security Operations & Resilience #robotics #procurement #cyber-physical #supply-chain #civil-liberties #enterprise-security #governance

U.S. robotics firms are pushing Congress for procurement barriers against Chinese suppliers. Robot dogs are already patrolling data centers. The security posture is decided before install day, during sourcing and contract language.

Two Vulnerabilities, Two Patches, One Message: Critical Enterprise Flaws Need Immediate Attention

John Z Black Mar 15, 2026

Vulnerabilities & Patching #patch-management #microsoft #windows-11 #hpe #aruba #enterprise-security #rce #vulnerability

Microsoft shipped an emergency out-of-band RRAS patch days after Patch Tuesday. HPE has a switch vulnerability that lets attackers reset admin passwords with zero credentials. Both need patching now.