The Divided Kernel is the Vulnerability: Why Copy Fail Escapes the Container
Sharing the host kernel: Why the "Copy Fail" gap breaks out of the container and which layers truly protect against kernel errors. Read article
PAM without Enterprise Budget: Controlling Admin Rights
Privileged accounts are the primary targets of attackers. Here’s how mid-sized businesses can implement PAM with three core principles-without buying an… Read article
Type Confusion in Chrome’s V8: Why the Same Class of Vulnerabilities Keeps Reappearing
A manipulated website is enough: Type-Confusion vulnerabilities in Chrome's V8 engine are hitting the browser in series. Read article
The Token That Bypasses MFA: Why OAuth Theft Is the New Entry Point
OAuth token theft bypasses MFA because the token itself contains the authentication. A **375% surge** in OAuth phishing-why SOCs must defend the session. Read article
Defender under fire: Two actively exploited vulnerabilities and the blind spot in the SOC
Microsoft Defender has two actively exploited vulnerabilities-one enabling privilege escalation-with a CISA deadline of **June 3**. Read article
Security Awareness That Works: Continuously Instead of Annually
Phishing detection lapses after just a few months. Why the annual training fizzles out-and only continuous awareness and a reporting culture have real… Read article
CVE-2026-32202: CISA KEV Listing Forces CISOs to Act
CVE-2026-32202 (CVSS 8.8) has been listed in CISA KEV since April 28, 2026: APT28 is exploiting an incomplete Windows kernel patch. Read article
BKA Hunts REvil Leader After 130 Attacks on German Targets
7 Min. Read Time At the end of April 2026, the BKA identified the alleged leader of the REvil group and initiated an international arrest warrant request. 130 documented attacks... Read article
Customers at Risk After Trellix Code Leak
6 min read Trellix confirmed a source-code breach in early May 2026. The cybersecurity vendor now joins a list that includes Microsoft, Okta and LastPass—security-tool manufacturers themselves becoming targets. For... Read article
BSI Warns Against Unpatched Ivanti Systems
7 Min. Read Time Two Ivanti EPMM zero-days were exploited in series at the end of April 2026 – 130 unique IP addresses actively tested the vulnerabilities within 24 hours... Read article
CISA KEV April 2026: Samsung, D‑Link Actively Exploited
6 Min. reading time The CISA added eight new entries to its Known Exploited Vulnerabilities Catalog within one week at the end of April 2026. Three systems stand out: Samsung... Read article
**Top-Tier Phishing: How CISOs Protect Their Channels**
Signal verification code theft at Klöckner, Prien, Hubertz plus Graichen own goal on X. Three CISO moves for 2026. Read article
GDPR April Cases Shift Risk for Mid-Sized Firms
In April 2026, the Romanian data protection authority sanctioned Renault Commercial Roumanie following a cyberattack with insufficient security measures, the Spanish AEPD imposed €950,000 on YOTI for biometric processing without... Read article
Adaptive MFA in NIS2 2026: ENISA Guidance on…
NIS2 requires multi-factor authentication (MFA) “where appropriate,” and in Germany, the BSI enforcement mandate enters its operational phase in May 2026. For security and compliance officers, the central question is... Read article
Squidex SSRF CVE-2026-41172: 72-Hour Response Plan for Ops Teams
Squidex SSRF CVE-2026-41172 is patched in version 7.23.0. Operations teams additionally need a 72-hour plan: Egress-Allowlist, IMDSv2-Lockdown and WAF-Profile-Review. Read article
Terrarium Sandbox Escape CVE-2026-5752: 72-Hour Response Plan
CVE-2026-5752 in Terrarium by Cohere AI (not Cloudflare): CVSS 9.3, Sandbox Escape with Root Code Execution. 72-Hour Response Plan for Edge and Platform Teams. Read article
ASP.NET Core 0-Day CVE-2026-40372: CVSS 9.1, Patched Since Apr 22
Microsoft Out-of-Band April 22: ASP.NET Core CVE-2026-40372 with CVSS 9.1. Patch in DataProtection 10.0.7. 72-hour response plan for Security-Operations. Read article
CISA Expands KEV Catalog: 8 Vulns, Deadlines Apr 23 & May 4
CISA KEV Update from April 20, 2026 with eight vulnerabilities, patch deadlines on April 23 and May 4. 14-day response plan for DACH security teams. Read article
ASP.NET Core CVE-2026-40372: Compliance Risks for Finance &…
Microsoft ASP.NET Core CVE-2026-40372: CVSS 9.1, Privilege Escalation. DORA, NIS2, and MaRisk compliance implications with 21-day plan for finance Dev-Shops. Read article
Squidex SSRF: Why Headless CMS Backends Are Supply Chain Risks
CVE-2026-41172 in Squidex: SSRF in Asset Upload Affects Headless-CMS Backends. What Patch, IMDS Lockdown, and Permission Audit Can Do for Security Teams in 2026. Read article
Terrarium Sandbox Escape CVE-2026-5752: Cohere AI Bug Risks
CVE-2026-5752 in Cohere AI Terrarium: CVSS 9.3, Root Code Execution in Sandbox Container, No Vendor Patch. Mitigation Plan and Strategic Lessons for Security Teams. Read article
