vulnerability-management

Zero-Day by Default: Why Cisco FMC Should Reorder This Week's Patch Queue

John Z Black Mar 18, 2026

Vulnerabilities & Patching #cisco #fmc #zero-day #kev #patching #ransomware #vulnerability-management

Interlock operators have been exploiting a Cisco FMC zero-day since January. If you're still sorting patch queues by CVSS score, that's the problem.

Google Paid Nearly $17 Million in Bug Bounties Last Year. What That Number Actually Tells Us.

John Z Black Mar 16, 2026

Vulnerabilities & Patching #bug-bounty #google #vulnerability-management #security-economics #exploit-market

Google's record $17 million in bug bounties sounds huge. Then you look at the exploit broker market, where a single iOS chain sells for $2.5 million, and the math gets interesting.

March Patch Tuesday: Two Zero-Days Already Public, Plus a SolarWinds Deadline That's Right Now

John Z Black Mar 12, 2026

Patch Tuesday #patch-tuesday #microsoft #zero-day #solarwinds #cisa #cve #vulnerability-management

Microsoft patched 79+ flaws including two publicly disclosed zero-days. No confirmed active exploitation yet, which is rare. But the SolarWinds Web Help Desk CISA deadline is today, and 'publicly disclosed' means attackers already have the blueprints.

Patch Week From Hell: Microsoft, Adobe, SAP, and HPE All Drop Critical Fixes at Once

John Z Black Mar 11, 2026

Vulnerability Management #patch-tuesday #microsoft #adobe #sap #hpe #zero-day #vulnerability-management

March 2026 might be the worst coordinated patching week in years. Microsoft, Adobe, SAP, and HPE all dropped critical fixes in the same 48-hour window. Here's what to patch first.