The Lock Is Broken: Critical Auth Bypasses Hit Cisco, GitHub, and Palo Alto

Four critical authentication bypasses dropped this week across Cisco SD-WAN, GitHub Enterprise, Palo Alto PAN-OS, and Zabbix. This isn't a credential problem. The authentication systems themselves are failing.

Your 2012 Security Debt Is Someone Else's 2026 Attack Vector

CISA added seven CVEs to its Known Exploited Vulnerabilities catalog. One of them was first patched in 2012. Attackers don't need zero-days when your backlog does the work for them.

So Bad That German Police Knocked on Doors: The PTC Windchill Flaw Now in CISA's KEV

A critical RCE flaw in PTC Windchill hit CISA's KEV with no patch available yet, and German police started showing up at factory doors in person to warn companies.

CISA Added Five Actively Exploited Flaws to Its List. You Have Until April 3.

CISA added five actively exploited vulnerabilities to its KEV catalog, including three Apple flaws tied to the DarkSword iOS exploit kit and a CVSS 10.0 RCE in Craft CMS. The April 3 deadline is for federal agencies. The exploitation isn't.

Patch Weekend Is Here: Why Oracle IAM and Cisco FMC Can't Wait

Oracle pushed an emergency out-of-band patch for a critical identity manager RCE. CISA set a Sunday deadline on a max-severity Cisco firewall management flaw. Both hit identity and perimeter management simultaneously.

Patch Cycles Are Now Running Behind the Exploit Curve

A GNU telnetd PoC is already circulating. CISA added another KEV entry. Rapid7 says exploited high/critical vulns surged 105% and attack timelines collapsed. Meanwhile teams are still digesting Microsoft's 83-vulnerability March dump.

Zero-Day by Default: Why Cisco FMC Should Reorder This Week's Patch Queue

Interlock operators have been exploiting a Cisco FMC zero-day since January. If you're still sorting patch queues by CVSS score, that's the problem.

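The prioritization point above, as an added example that is not part of the original page: a small Python triage sort that ranks a patch queue by known exploitation and CISA KEV due date before it ever looks at CVSS, shown next to a plain CVSS sort for contrast. The findings, scores and due dates are constructed for illustration and are not real CVEs.

```python
"""Added example (not from the original page): rank a patch queue by
exploitation evidence and CISA KEV due date before CVSS.
All records below are constructed sample data, not real CVEs or scores."""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional


@dataclass(frozen=True)
class Finding:
    name: str                       # constructed label, not a real identifier
    cvss: float
    exploited: bool = False         # in-the-wild exploitation reported
    kev_due: Optional[date] = None  # CISA KEV remediation due date, if catalogued


def triage_key(f: Finding) -> tuple:
    """Sort key; lower sorts first.

    1. Known exploitation (a KEV entry or other evidence) outranks everything.
    2. Inside that tier an earlier KEV due date sorts first; findings with
       no due date sort after those that have one.
    3. CVSS only breaks ties within a tier.
    """
    known_exploited = f.exploited or f.kev_due is not None
    due = f.kev_due.toordinal() if f.kev_due else date.max.toordinal()
    return (0 if known_exploited else 1, due, -f.cvss)


def prioritize(findings: List[Finding]) -> List[Finding]:
    """KEV/exploitation-first ordering."""
    return sorted(findings, key=triage_key)


def cvss_only(findings: List[Finding]) -> List[Finding]:
    """The ordering the passage warns against: highest CVSS first."""
    return sorted(findings, key=lambda f: -f.cvss)


# Constructed queue: a CVSS-10 bug with no exploitation evidence, a CVSS-7.8
# zero-day with an imminent KEV deadline, an old medium with a later deadline,
# and a high-scoring bug with no PoC.
QUEUE = [
    Finding("app-rce-no-evidence", cvss=10.0),
    Finding("fw-mgmt-zero-day", cvss=7.8, exploited=True, kev_due=date(2026, 3, 22)),
    Finding("backlog-bug-due-apr", cvss=6.5, kev_due=date(2026, 4, 3)),
    Finding("ssrf-no-poc", cvss=8.1),
]

if __name__ == "__main__":
    print("CVSS order:  ", [f.name for f in cvss_only(QUEUE)])
    print("Triage order:", [f.name for f in prioritize(QUEUE)])
```

With the CVSS sort the actively exploited zero-day lands third; the triage sort moves it to the top and pushes the unexploited CVSS 10.0 finding below the KEV-listed medium.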

Patch Alert: Wing FTP Exploited, Two Patch Tuesday Zero-Days, and a D-Link RCE That Doesn't Need a Login

Three vulnerability disclosures in one week across different parts of the stack. Wing FTP is actively exploited, March Patch Tuesday dropped two zero-days, and D-Link has an unauthenticated RCE in its DNS config.
