Security Digest
Weekly security intelligence — CVEs, CISA KEV advisories, exploits, and cybersecurity news.
ScanForge Security Digest 2619-01
This week saw 28 critical vulnerabilities published with no actively exploited threats, offering a brief window for remediation planning. Notable issues include an IDOR vulnerability in Comet Backup affecting multiple versions, buffer overflow flaws in JS8Call radio software, and privilege escalation vulnerabilities in surveillance and backup systems. While no zero-day exploits are currently in the wild, organizations should prioritize patching Comet Backup and GeoVision devices, and monitor backup/surveillance infrastructure closely given the frequency of targeting in this period. Industry news highlights increased M&A activity, certificate revocations at DigiCert, and emerging AI-assisted attack vectors as persistent threats. Teams should review their patch management timelines and consider whether current backup and surveillance solutions remain within supported versions.
200 items
ScanForge Security Digest 2618-02
WEEKLY SECURITY DIGEST - EXECUTIVE SUMMARY This week presented a relatively stable threat landscape with no newly exploited vulnerabilities or critical CVEs requiring immediate action. However, organizations running SAP environments should prioritize patching following the "Mini Shai-Hulud" supply chain attack that affected 1,800 users across SAP, Lightning, and Intercom platforms. The emergence of AI-assisted phishing services and security scanning tools indicates adversaries are increasingly leveraging automation to enhance attack sophistication and discovery capabilities. While no zero-days were identified, teams should maintain standard patch management cadences and remain vigilant for supply chain threats targeting widely-used enterprise software. Review your SAP package integrity and consider additional controls around third-party software deployments as a near-term priority.
200 items
ScanForge Security Digest 2618-01
This week saw moderate vulnerability activity with 24 critical CVEs and 66 high-severity issues reported, though no new actively exploited vulnerabilities were added to CISA's catalog. Notable threats include a remote code execution vulnerability in the widely-used llama.cpp library, SQL injection flaws in Saltcorn database applications, and web shell upload capabilities in 7oroof Medcity systems—all requiring prompt patching. Recent security news highlights an uptick in supply chain attacks through legitimate repositories, account takeover campaigns targeting financial platforms, and continued exploitation of cloud infrastructure, indicating threat actors are diversifying tactics beyond traditional vulnerability exploitation. Organizations should prioritize patching the identified critical CVEs affecting their deployed infrastructure, enforce strict code review practices for open-source dependencies, and implement enhanced monitoring for suspicious account activities and cloud access patterns. The absence of KEV entries this period provides a brief window to address known critical risks before active exploitation becomes widespread.
200 items
ScanForge Security Digest 2617-02
This week presented a favorable threat landscape with no actively exploited vulnerabilities or critical CVEs reported, though elevated activity levels warrant attention. Key concerns include a new BlackFile extortion group orchestrating vishing campaigns, a critical Linux privilege escalation flaw (Pack2TheRoot), and a sophisticated FIRESTARTER backdoor targeting Cisco Firepower devices that persists through patching. Organizations should prioritize deploying available patches for the Pack2TheRoot vulnerability and implementing enhanced email and voice authentication controls to counter the vishing threat. Microsoft's upcoming passkey support in Windows offers a strategic opportunity to strengthen credential security across enterprise environments. Continue monitoring for indicators of compromise related to FIRESTARTER and maintain heightened vigilance around social engineering vectors targeting your user base.
200 items
ScanForge Security Digest 2617-01
This week brought 25 critical vulnerabilities requiring immediate attention, including SQL injection flaws in OpenProject and privilege escalation risks in Percona PMM and Quest KACE systems, though no actively exploited zero-days were added to CISA's catalog. Notable threat activity includes Chinese APT groups targeting financial institutions in Asia and attackers increasingly leveraging identity-based attacks to bypass traditional security controls. Organizations should prioritize patching Quest KACE and OpenProject instances, conducting access reviews for privileged accounts, and reinforcing identity verification practices given the prevalence of credential-based compromise techniques. The 49 security articles this period highlight continued targeting of unpatched infrastructure, underscoring the importance of timely vulnerability remediation across all systems.
200 items
ScanForge Security Digest 2616-02
WEEKLY SECURITY DIGEST EXECUTIVE SUMMARY This week presented a relatively stable threat landscape with zero actively exploited vulnerabilities and no critical-severity CVEs reported. However, operational security remains a priority: a Mirai botnet variant is actively exploiting CVE-2024-3721 to compromise TBK DVRs for DDoS operations, and King ransomware continues evolving evasion tactics using QEMU virtual machines to bypass endpoint detection tools. Organizations should prioritize patching DVR and embedded device vulnerabilities while reviewing endpoint security configurations for VM-based evasion techniques. Additionally, phishing threats persist with attackers increasingly leveraging device code authentication flows, underscoring the need for enhanced multi-factor authentication vigilance and user security awareness training.
200 items
ScanForge Security Digest 2616-01
This week presented a significant vulnerability landscape with 69 critical CVEs and 57 high-severity vulnerabilities identified, though no actively exploited zero-days were added to CISA's KEV list. Notable threats include a prototype pollution vulnerability in Axios affecting Node.js environments, a privilege escalation flaw in Azure Cloud Shell, and multiple memory safety issues in Firefox and compiler infrastructure that could enable code execution. Microsoft's extensive April 2026 Patch Tuesday update addresses privilege elevation vulnerabilities and includes new Remote Desktop protections, making immediate patching a priority for Windows environments. Organizations should prioritize patching Azure deployments and updating Axios libraries to version 1.15.0 or later, while Windows administrators should evaluate the latest Microsoft protections against malicious RDP files. The continued discovery of similar vulnerability patterns across major platforms underscores the need for proactive code review and compiler-level security checks in software development pipelines.
200 items
ScanForge Security Digest 2615-02
This week saw a moderate vulnerability landscape with 47 critical CVEs identified but no new actively exploited vulnerabilities added to CISA's catalog. Notable critical issues include pre-authentication remote code execution in ChurchCRM's setup wizard, broken access control in Genealogy PHP application, and unauthenticated path traversal in FalkorDB Browser that enables arbitrary file writes and RCE. Organizations should prioritize patching these vulnerabilities immediately, particularly in internet-facing systems using these applications. In parallel, security teams should monitor ongoing developments in law enforcement's use of ad data for tracking and the Hims healthcare breach as indicators of broader privacy and authentication risks in their own environments.
200 items
ScanForge Security Digest 2615-01
SECURITY DIGEST SUMMARY This week presented a significant threat landscape with 43 critical vulnerabilities identified, though no actively exploited zero-days were added to CISA's catalog. Notable critical issues include authorization bypasses in ORY Oathkeeper, multiple vulnerabilities in CI4MS affecting access control and data validation, arbitrary code execution in NocoBase workflows, and SSL/TLS session protection weaknesses in Mbed TLS. Organizations should prioritize patching these critical vulnerabilities, particularly those affecting identity/access systems and no-code platforms. Concurrent threats include new macOS stealer campaigns, an emerging DDoS-for-hire botnet targeting IoT devices, and active exploitation of Ivanti EPMM requiring immediate federal remediation by Sunday.
200 items
ScanForge Security Digest 2614-03
This week's threat landscape remains elevated with 77 critical vulnerabilities (CVSS 9.0+) requiring immediate attention, though no newly exploited zero-days were added to CISA's KEV catalog. Notable critical issues include sandbox bypass in PraisonAI, SQL injection in Kestra, and multiple memory safety vulnerabilities across Apple platforms that have already shipped patches. Supply chain threats continue to dominate the news cycle, with coordinated attacks on npm packages targeting database infrastructure and a credential harvesting campaign against maintainer accounts through social engineering. Organizations should prioritize patching Apple devices and updating Kestra deployments while strengthening access controls for open-source package maintainers. The surge in device code phishing (up 37x) and persistent focus on compromising development tools warrant heightened security awareness training across technical teams.
200 items
ScanForge Security Digest 2614-02
This week presented a moderate threat landscape with 17 critical vulnerabilities identified but no actively exploited zero-days reported by CISA. The most pressing concern is CVE-2025-9962, a pre-authentication buffer overflow in Novakon P series devices that grants immediate root access, requiring urgent patching for affected systems. Additionally, three separate RCE vulnerabilities in Backup Server products pose significant risk to authenticated domain users, and organizations should prioritize applying available patches. Notable security incidents include a Cisco IMC authentication bypass enabling admin access and a supply chain compromise through LiteLLM, highlighting the continued threat from both direct vulnerabilities and third-party dependencies. Security teams should prioritize patching the Novakon and Backup Server vulnerabilities while reviewing Cisco IMC deployments and auditing LiteLLM implementations for potential compromise.
200 items
ScanForge Security Digest 2614-01
This week presented a moderate vulnerability landscape with 55 critical CVEs requiring attention, though no actively exploited vulnerabilities were tracked by CISA. Notable critical issues include OS command injection in CodeRider-Kilo, arbitrary file access vulnerabilities in Incus versions prior to 6.23.0, and code injection flaws in WordPress plugins Total Poll Lite and Woody ad snippets. Organizations should prioritize patching Incus deployments and reviewing CodeRider-Kilo whitelist configurations immediately. The broader threat environment remains elevated, with reports of Iranian cyber operations targeting hospitals and Russian APT groups deploying new iOS exploit kits, underscoring the need for heightened monitoring and incident response readiness.
200 items
ScanForge Security Digest 2613-02
This week brought a significant vulnerability influx with 45 critical CVEs requiring immediate attention, though no actively exploited vulnerabilities were reported by CISA. Notable threats include unauthenticated remote code execution in CLI interfaces (CVE-2026-3587), path traversal vulnerabilities in popular frameworks like Mesop and ApostropheCMS, and deserialization flaws affecting CMS platforms. Organizations should prioritize patching CVE-2026-3587 and updating Mesop to version 1.2.3+ and ApostropheCMS to 3.5.3+ to prevent device compromise and file system access. Additionally, the disclosure of vulnerabilities in AI frameworks like LangChain highlights emerging risks in modern development stacks that warrant immediate security reviews.
200 items
ScanForge Security Digest 2613-01
WEEKLY SECURITY DIGEST - EXECUTIVE SUMMARY This week presented a moderate threat landscape with 29 critical vulnerabilities (CVSS 9.0+) and 88 high-severity CVEs, though no actively exploited vulnerabilities were added to CISA's catalog. Notable critical issues include unauthenticated remote code execution vulnerabilities in Cisco Secure Firewall Management Center and file browser applications, as well as privilege escalation flaws in Microsoft 365 Copilot and Centreon monitoring systems. Organizations should prioritize patching these critical vulnerabilities in internet-facing management interfaces and update knowledge management systems like SiYuan to versions 3.6.1 or later. Security teams should also monitor the ongoing data breach trends affecting both private sector entities and government organizations, as demonstrated by recent incidents involving QualDerm and Dutch government agencies. Recommended actions include conducting an inventory of affected systems, applying patches where available, and strengthening authentication controls for remote administrative interfaces.
200 items