John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Ivanti Just Got Its 33rd CISA Exploited Vulnerability Entry
CVE-2026-1340 is a pre-auth RCE in Ivanti EPMM, CVSS 9.8, exploited since January. It's the 33rd Ivanti entry on the CISA KEV catalog. At some point that number has to become a procurement conversation.
Read More
Android's April Patch Targets a Security Layer Most Users Have Never Heard Of
April's Android security update fixes a critical zero-interaction DoS and a High-severity flaw in StrongBox, the hardware layer protecting your payment credentials, biometrics, and encrypted storage.
Read More
Three Vendors, Three Critical Bugs, All Exploited This Week: The Edge Device Emergency
F5 BIG-IP, Citrix NetScaler, and Fortinet FortiClient EMS all have critical vulnerabilities under active exploitation this week. Here's what happened and what you need to do right now.
Read More
CISA Added Five Actively Exploited Flaws to Its List. You Have Until April 3.
CISA added five actively exploited vulnerabilities to its KEV catalog, including three Apple flaws tied to the DarkSword iOS exploit kit and a CVSS 10.0 RCE in Craft CMS. The April 3 deadline is for federal agencies. The exploitation isn't.
Read More
Patch Chrome Now: Two Zero-Days Being Actively Exploited in the Wild
Google just patched two zero-days in Chrome 146 that were already being used in real attacks. Update now or stay exposed.
Read More
Your Old iPhone Is Under Active Attack. Update It Today.
Apple issued an emergency patch for older iPhones and iPads to fix actively exploited Coruna WebKit vulnerabilities. If you have an old device you haven't updated, this is when that delay becomes a real problem.
Read More
Veeam Has Seven Critical RCE Flaws and Ransomware Operators Are Paying Attention
Seven simultaneous unauthenticated RCE vulnerabilities in Veeam Backup & Replication. This is a ransomware operator's wishlist, and it all dropped at once. Patch now.
Read More