MoveIt Redux: Progress Software Battles a New Wave of RCE Flaws

New critical RCE vulnerabilities in MoveIt WAF and LoadMaster let attackers reach the management shell and bypass security controls entirely. Your patch window is hours, not days.

Global Tech Debt Audit: Oracle's April CPU Breaks the Volume Record with 481 Fixes

Oracle just shipped 481 security fixes across 28 product families in a single patch cycle. The Java SE and WebLogic flaws hit CVSS 9.8. This isn't a success story.

Consumer Advisory: Fake Windows Updates, Qilin in Healthcare, and patches you shouldn't skip

A stealer campaign with 0 detections is hiding inside fake Windows 11 upgrade ads. Qilin ransomware hit a Florida dermatology practice. And CISA added more bugs to the mandatory patch list.

Citrix Patches CVE-2026-3055 in NetScaler: A 9.3 Memory Flaw That Looks a Lot Like CitrixBleed

Citrix patched a CVSS 9.3 unauthenticated memory read in NetScaler ADC and Gateway that can leak session tokens. No active exploitation yet, but the history of CitrixBleed says don't wait.

Update Everything: Chrome Zero-Days, Android's March Bulletin, and the Patch Gap That Puts You at Risk

Two Chrome zero-days under active attack, 129 Android vulnerabilities in March, and the stubborn reality that 'patch available' and 'you're protected' are two very different things.

Patch Weekend Is Here: Why Oracle IAM and Cisco FMC Can't Wait

Oracle pushed an emergency out-of-band patch for a critical identity manager RCE. CISA set a Sunday deadline on a max-severity Cisco firewall management flaw. Both hit identity and perimeter management simultaneously.

Zero-Day by Default: Why Cisco FMC Should Reorder This Week's Patch Queue

Interlock operators have been exploiting a Cisco FMC zero-day since January. If you're still sorting patch queues by CVSS score, that's the problem.

Patch Alert: Wing FTP Exploited, Two Patch Tuesday Zero-Days, and a D-Link RCE That Doesn't Need a Login

Three vulnerability disclosures in one week across different parts of the stack. Wing FTP is actively exploited, March Patch Tuesday dropped two zero-days, and D-Link has an unauthenticated RCE in its DNS config.

48 Hours to Patch or Get Owned: The New Enterprise Reality

Vulnerability exploitation just passed stolen credentials as the #1 way attackers break into cloud environments. And you've got about 48 hours before they're at your door.