Security intelligence covering Security Assessment & Testing: Vulnerability assessment, penetration testing, audit strategies, and security metrics.https://cipherwatch.io/en-gbhttps://cipherwatch.io/articles/2026-06-15-oracle-peoplesoft-cve-2026-35273-shinyhunters-universities/https://cipherwatch.io/articles/2026-06-15-oracle-peoplesoft-cve-2026-35273-shinyhunters-universities/A critical zero-day vulnerability in Oracle PeopleSoft Campus Solutions — CVE-2026-35273, CVSS 9.8 — has been exploited by the ShinyHunters threat group to breach student record systems at multiple universities across the US, UK, and Australia. The flaw allows unauthenticated attackers to bypass authentication in the PeopleSoft web application layer, granting direct access to student enrolment, financial aid, and academic records.Mon, 15 Jun 2026 00:00:00 GMToraclepeoplesoftcve-2026-35273zero-dayshinyhuntershigher-educationstudent-dataferpagdprhttps://cipherwatch.io/articles/2026-06-12-sap-landscape-security-assessment-netweaver/https://cipherwatch.io/articles/2026-06-12-sap-landscape-security-assessment-netweaver/CVE-2026-44748 (CVSS 9.9) in SAP NetWeaver ABAP is the second critical SAP vulnerability of 2026 affecting SAML authentication. Enterprise organisations running complex SAP landscapes with multiple NetWeaver instances face challenges in identifying which systems are affected, prioritising patching across landscape tiers, and assessing whether compromise indicators are present.Fri, 12 Jun 2026 00:00:00 GMTsapnetweaverabapcve-2026-44748samlsecurity-assessmenterp-securityvulnerability-assessmententerprise-applicationshttps://cipherwatch.io/articles/2026-06-11-linux-cve-2026-23111-nftables-detection-hardening/https://cipherwatch.io/articles/2026-06-11-linux-cve-2026-23111-nftables-detection-hardening/With public proof-of-concept code available for CVE-2026-23111, security teams running Linux across production, containerised, and cloud environments need specific detection and hardening guidance. This guide covers kernel patch availability by distribution, interim mitigations, eBPF-based detection, and Kubernetes-specific containment measures.Thu, 11 Jun 2026 00:00:00 GMTlinux-kernelnftablescve-2026-23111detectionhardeningkubernetescontainersprivilege-escalationebpfsecurity-assessmenthttps://cipherwatch.io/articles/2026-06-09-cisa-kev-june-9-chrome-cisco-arista/https://cipherwatch.io/articles/2026-06-09-cisa-kev-june-9-chrome-cisco-arista/CISA added three vulnerabilities to the KEV catalogue on 9 June: Google Chrome CVE-2026-11645 (V8 out-of-bounds write, actively exploited), Cisco SD-WAN CVE-2026-20245 (authentication bypass), and Arista EOS CVE-2026-7473 (privilege escalation command injection). Federal agencies face a 30 June remediation deadline across all three.Tue, 09 Jun 2026 00:00:00 GMTcisa-kevchromecve-2026-11645ciscosd-wanaristaeosvulnerability-managementremediation-deadline2026https://cipherwatch.io/articles/2026-06-07-perimeter-device-security-assessment-methodology/https://cipherwatch.io/articles/2026-06-07-perimeter-device-security-assessment-methodology/Network perimeter devices — firewalls, VPN gateways, and load balancers — are the most frequently exploited initial access category in enterprise breaches. Despite this, they are often excluded from regular security assessments. This methodology covers how to assess the security posture of perimeter network devices without disrupting production operations.Sun, 07 Jun 2026 00:00:00 GMTnetwork-appliancessecurity-assessmentfirewallvpnperimeter-securityvulnerability-managementconfiguration-auditcheck-pointhttps://cipherwatch.io/articles/2026-06-05-cisa-kev-june-2026-tracker-remediation-guidance/https://cipherwatch.io/articles/2026-06-05-cisa-kev-june-2026-tracker-remediation-guidance/The CISA Known Exploited Vulnerabilities catalogue added three entries in the first week of June 2026, including the Oracle WebLogic deserialization vulnerability (CVE-2024-21182) and the Mirasvit Magento RCE (CVE-2026-45247). This tracker consolidates the June additions with their remediation deadlines and documents the patch availability status for each.Fri, 05 Jun 2026 00:00:00 GMTcisa-kevvulnerability-managementbod-22-01remediationpatch-managementjune-2026compliancehttps://cipherwatch.io/articles/2026-06-03-linux-cifs-cve-2026-46243-detection-affected-systems/https://cipherwatch.io/articles/2026-06-03-linux-cifs-cve-2026-46243-detection-affected-systems/With a public proof-of-concept available and patched kernels in distribution repositories, security teams need a systematic approach to identify which Linux systems in their environment are exposed to CVE-2026-46243 and whether any exploitation activity has occurred. This guide covers detection queries, affected system identification, and temporary mitigation steps for environments that cannot patch immediately.Wed, 03 Jun 2026 00:00:00 GMTlinuxcve-2026-46243cifsdetectionvulnerability-assessmentlpeauditkernel-patchhttps://cipherwatch.io/articles/2026-06-02-servicenow-security-assessment-api-exposure-audit/https://cipherwatch.io/articles/2026-06-02-servicenow-security-assessment-api-exposure-audit/Following the ServiceNow API breach, organisations should conduct a targeted security assessment of their ServiceNow instance, focusing on API endpoint exposure, unauthenticated access paths, ACL configuration, and service account privilege scope. This assessment guide covers the key checks and how to perform them without specialist ServiceNow security tooling.Tue, 02 Jun 2026 00:00:00 GMTservicenowsecurity-assessmentapi-auditaccess-controlitsmsaas-securityaclvulnerability-assessmenthttps://cipherwatch.io/articles/2026-06-01-oracle-weblogic-security-assessment-enterprise/https://cipherwatch.io/articles/2026-06-01-oracle-weblogic-security-assessment-enterprise/Enterprise Java middleware is often the least-assessed component of the application security programme. Oracle WebLogic installations are frequently discovered during incident response rather than proactive inventory. This guide covers the discovery, assessment, and continuous monitoring steps for WebLogic security.Mon, 01 Jun 2026 00:00:00 GMToracleweblogicsecurity-assessmentmiddlewareenterprise-javavulnerability-assessmentasset-discoveryhttps://cipherwatch.io/articles/2026-05-31-windows-dc-security-monitoring-event-log-baseline/https://cipherwatch.io/articles/2026-05-31-windows-dc-security-monitoring-event-log-baseline/Effective detection of domain controller attacks requires more than collecting logs — it requires specific audit policy configuration, a curated set of detection rules, and a SIEM pipeline with alert response SLAs. This guide covers the complete baseline configuration for DC security monitoring after CVE-2026-41089 highlighted the importance of pre-compromise visibility.Sun, 31 May 2026 00:00:00 GMTwindowsdomain-controllersecurity-monitoringevent-logssiemactive-directoryaudit-policydetection-engineeringhttps://cipherwatch.io/articles/2026-05-30-zero-day-response-maturity-assessment-framework/https://cipherwatch.io/articles/2026-05-30-zero-day-response-maturity-assessment-framework/May 2026 produced multiple simultaneous zero-days and CVSS 9.0+ vulnerabilities with active exploitation. The month serves as an inadvertent assessment of enterprise vulnerability response capability. This framework evaluates response maturity across five dimensions using the month's events as test cases.Sat, 30 May 2026 00:00:00 GMTzero-dayvulnerability-managementmaturity-assessmentsecurity-assessmentresponse-capabilityenterprise-securityhttps://cipherwatch.io/articles/2026-05-28-hardware-vulnerability-assessment-cpu-firmware-methodology/https://cipherwatch.io/articles/2026-05-28-hardware-vulnerability-assessment-cpu-firmware-methodology/AMD CVE-2026-46174 and the broader class of CPU microarchitecture vulnerabilities require assessment methodology distinct from software vulnerability scanning. This guide covers the scoping, testing, and remediation verification steps for enterprise hardware security assessments covering processor vulnerabilities.Thu, 28 May 2026 00:00:00 GMThardware-securitycpu-vulnerabilityfirmwarevulnerability-assessmentmicroarchitectureassessment-methodologyhttps://cipherwatch.io/articles/2026-05-27-vs-marketplace-extension-supply-chain-audit-guide/https://cipherwatch.io/articles/2026-05-27-vs-marketplace-extension-supply-chain-audit-guide/The Nx Console supply-chain compromise in TeamPCP's May 2026 campaign targeted an extension with millions of downloads. With over 60,000 extensions in the VS Marketplace, most organisations have no inventory of which extensions their developers run. This guide covers extension auditing, publisher verification, and policy controls.Wed, 27 May 2026 00:00:00 GMTvs-codeextensionssupply-chaindeveloper-securitysecurity-assessmentide-securityenterprise-controlshttps://cipherwatch.io/articles/2026-05-26-apple-cve-disclosure-enterprise-patch-management-challenge/https://cipherwatch.io/articles/2026-05-26-apple-cve-disclosure-enterprise-patch-management-challenge/Apple's habit of retroactively adding CVE details to previously published security advisories creates operational complexity for enterprise vulnerability management programmes: vulnerabilities appear as 'new' in CVE feeds after they have already been patched in deployed OS versions, generating false-positive remediation workflows and obscuring the true patch state of Apple endpoints.Tue, 26 May 2026 00:00:00 GMTapplecve-managementpatch-managementvulnerability-scanningenterprise-securitymacosioshttps://cipherwatch.io/articles/2026-05-25-cve-2026-46333-ptrace-linux-detection-mitigation/https://cipherwatch.io/articles/2026-05-25-cve-2026-46333-ptrace-linux-detection-mitigation/CVE-2026-46333, the Linux kernel ptrace race condition with four known exploit chains, requires both patching and verification that compromise has not already occurred. This guide covers the detection queries, audit configuration, and post-patch verification steps security teams need to assess exposure and confirm remediation.Mon, 25 May 2026 00:00:00 GMTlinuxcve-2026-46333ptracevulnerability-assessmentdetectionauditkernel-securityssh-keyshttps://cipherwatch.io/articles/2026-05-22-enterprise-wifi-security-assessment-unifi-infrastructure/https://cipherwatch.io/articles/2026-05-22-enterprise-wifi-security-assessment-unifi-infrastructure/The three CVSS 10.0 vulnerabilities in Ubiquiti UniFi OS Bulletin 064 prompt a broader question: how does UniFi's security posture, vendor support, and enterprise control plane architecture compare to traditional enterprise Wi-Fi vendors? A structured assessment framework helps organisations evaluate whether UniFi is appropriate for their specific threat model.Fri, 22 May 2026 00:00:00 GMTubiquitiunifienterprise-wifiwireless-securitysecurity-assessmentciscoarubamerakinetwork-infrastructurehttps://cipherwatch.io/articles/2026-05-19-eolife-vpn-security-assessment-framework/https://cipherwatch.io/articles/2026-05-19-eolife-vpn-security-assessment-framework/The SonicWall Generation 6 end-of-life situation is the latest instance of a recurring enterprise security problem: internet-facing network equipment that reaches vendor end-of-life while still actively exploited. A structured assessment approach helps security teams identify, prioritise, and communicate the risk of EoL perimeter equipment.Tue, 19 May 2026 00:00:00 GMTend-of-lifevpnnetwork-securityvulnerability-managementasset-managementsecurity-assessmenthttps://cipherwatch.io/articles/2026-05-17-pwn2own-berlin-2026-day3-devcore-master-of-pwn/https://cipherwatch.io/articles/2026-05-17-pwn2own-berlin-2026-day3-devcore-master-of-pwn/Pwn2Own Berlin 2026 concluded with DEVCORE Research Team winning the Master of Pwn title with $505,000 in earnings and 50.5 points, driven by Orange Tsai's Exchange SYSTEM RCE chain and consistent results across multiple targets. The three-day competition produced 47 unique zero-day vulnerabilities across enterprise products, cloud infrastructure, and AI tools, with $1,298,250 in total prize money awarded.Sun, 17 May 2026 00:00:00 GMTpwn2owndevcoremaster-of-pwnzero-dayvulnerability-researchberlin-2026https://cipherwatch.io/articles/2026-05-16-pwn2own-berlin-day2-exchange-system-rce-rhel-lpe/https://cipherwatch.io/articles/2026-05-16-pwn2own-berlin-day2-exchange-system-rce-rhel-lpe/The second day of Pwn2Own Berlin saw DEVCORE's Orange Tsai chain three previously unknown vulnerabilities to achieve SYSTEM-level remote code execution on fully patched Microsoft Exchange Server, earning $200,000. Day 2 also featured Red Hat Enterprise Linux LPE, additional Windows 11 privilege escalation, and LM Studio AI exploitation across 15 unique zero-days.Sat, 16 May 2026 00:00:00 GMTpwn2ownexchangercezero-dayvulnerability-researchdevcorehttps://cipherwatch.io/articles/2026-05-14-pwn2own-berlin-2026-day1-windows-edge-24-exploits/https://cipherwatch.io/articles/2026-05-14-pwn2own-berlin-2026-day1-windows-edge-24-exploits/The first day of Pwn2Own Berlin 2026 saw researchers demonstrate 24 previously unknown vulnerabilities across Windows 11, Microsoft Edge, VMware Workstation, and Oracle VirtualBox. Windows 11 was compromised three separate times by different teams, and a full Microsoft Edge sandbox escape earned a $175,000 award. No CVE IDs have been assigned yet as vendors begin the 90-day remediation process.Thu, 14 May 2026 00:00:00 GMTpwn2ownzero-daywindowsedgevulnerability-researchsandbox-escapehttps://cipherwatch.io/articles/2026-05-12-sharepoint-office-rce-preview-pane-patch-tuesday/https://cipherwatch.io/articles/2026-05-12-sharepoint-office-rce-preview-pane-patch-tuesday/May's Patch Tuesday patches an authenticated RCE in SharePoint Server (CVE-2026-40365) and multiple Office vulnerabilities exploitable via the Windows Explorer and Outlook preview pane without opening files. Together they represent a significant enterprise document attack surface. Assess SharePoint exposure and validate Office update deployment this week.Tue, 12 May 2026 00:00:00 GMTsharepointmicrosoft-officercepatch-tuesdayenterprise-riskhttps://cipherwatch.io/articles/2026-05-06-cpanel-whm-new-cves-29201-29202-29203-code-exec/https://cipherwatch.io/articles/2026-05-06-cpanel-whm-new-cves-29201-29202-29203-code-exec/cPanel has released security updates addressing three new vulnerabilities distinct from the previously covered CVE-2026-41940 zero-day: CVE-2026-29202 (CVSS 8.8, Perl code execution), CVE-2026-29203 (CVSS 8.8, symlink-based privilege escalation), and CVE-2026-29201 (CVSS 4.3, arbitrary file read). Web hosting providers running cPanel/WHM should apply the updates urgently given the platform's current elevated threat posture following mass exploitation in May 2026.Wed, 06 May 2026 00:00:00 GMTcpanelwhmcvecode-executionprivilege-escalationweb-hostingpatchvulnerability-managementhttps://cipherwatch.io/articles/2026-05-05-grassmarlin-cve-2026-6807-cisa-ics-advisory/https://cipherwatch.io/articles/2026-05-05-grassmarlin-cve-2026-6807-cisa-ics-advisory/CISA has issued ICS advisory ICSA-26-118-01 for CVE-2026-6807, a vulnerability in GRASSMARLIN — the NSA-developed open-source network visualisation tool widely used by industrial control system operators and OT security teams to map and analyse operational technology networks. The vulnerability affects teams using GRASSMARLIN for defensive ICS visibility, creating a risk of compromise of the analyst workstations conducting that analysis.Tue, 05 May 2026 00:00:00 GMTicsot-securitycisagrassmarlinnsacveadvisorypcap-analysissecurity-toolinghttps://cipherwatch.io/articles/2026-05-04-wireshark-cve-2026-5656-rce-pcap/https://cipherwatch.io/articles/2026-05-04-wireshark-cve-2026-5656-rce-pcap/A code execution vulnerability in Wireshark's PCAP/PCAPNG file parser allows a malicious capture file to trigger arbitrary code execution when opened by an analyst. CVE-2026-5656 affects all Wireshark versions prior to 4.4.6 across Windows, macOS, and Linux. The attack vector is especially concerning for security teams that open externally-sourced capture files during incident response or threat hunting — update Wireshark to 4.4.6 immediately.Mon, 04 May 2026 00:00:00 GMTwiresharkcvecode-executionpcapnetwork-analysisanalyst-toolspatchhttps://cipherwatch.io/articles/2026-05-03-hashcat-buffer-overflow-cves-pentest-tool/https://cipherwatch.io/articles/2026-05-03-hashcat-buffer-overflow-cves-pentest-tool/Security researchers have disclosed three buffer overflow vulnerabilities (CVE-2026-42482, CVE-2026-42483, CVE-2026-42484) in Hashcat, the widely-used open-source password recovery and penetration testing tool. The flaws can be triggered via maliciously crafted hash files or wordlists and may allow code execution in environments where Hashcat processes untrusted input — including shared red team infrastructure and automated password auditing pipelines.Sun, 03 May 2026 00:00:00 GMThashcatbuffer-overflowpenetration-testingtoolchain-securitycvepassword-auditinghttps://cipherwatch.io/articles/2026-05-01-phantomrpc-windows-lpe-no-patch/https://cipherwatch.io/articles/2026-05-01-phantomrpc-windows-lpe-no-patch/Security researchers have disclosed PhantomRPC, an unpatched local privilege escalation technique in Windows that abuses the COM server activation mechanism to elevate from standard user to SYSTEM without triggering standard EDR alerts. Microsoft has acknowledged the report but not committed to a patch timeline. Defenders should implement mitigation controls; red teams should incorporate this technique into assessments.Fri, 01 May 2026 00:00:00 GMTwindowscomprivilege-escalationlpeunpatchedred-teamedr-evasionpost-exploitationhttps://cipherwatch.io/articles/2026-04-30-cpanel-whm-cve-2026-41940-auth-bypass-zero-day/https://cipherwatch.io/articles/2026-04-30-cpanel-whm-cve-2026-41940-auth-bypass-zero-day/CVE-2026-41940, a CVSS 9.8 authentication bypass in cPanel and WHM web hosting control panel software, was exploited in the wild before the vendor issued a patch. All versions from 11.40 onwards are affected. Proof-of-concept code is now public. Web hosting providers, managed service providers, and any organisation running cPanel/WHM for server management should apply the emergency patch immediately.Thu, 30 Apr 2026 00:00:00 GMTcpanelwhmcve-2026-41940auth-bypasszero-dayweb-hostingactively-exploitedhttps://cipherwatch.io/articles/2026-04-28-ai-autonomous-cloud-attack-research/https://cipherwatch.io/articles/2026-04-28-ai-autonomous-cloud-attack-research/New academic research demonstrates that AI agents equipped with common cloud security tools can autonomously identify, chain, and exploit misconfigurations in production-like cloud environments — achieving lateral movement, privilege escalation, and data exfiltration in multi-step attack sequences without human guidance. The findings have direct implications for red team methodologies, cloud security posture management, and the adversarial use of AI-assisted attack tooling.Tue, 28 Apr 2026 00:00:00 GMTai-securityred-teamcloud-securityautonomous-attackllmpenetration-testinghttps://cipherwatch.io/articles/2026-04-25-crowdstrike-logscale-tenable-nessus-vulnerabilities/https://cipherwatch.io/articles/2026-04-25-crowdstrike-logscale-tenable-nessus-vulnerabilities/CrowdStrike has patched a critical SSRF vulnerability in Falcon LogScale, its SIEM and log management platform, while Tenable has addressed a privilege escalation flaw in Nessus. Security tooling vulnerabilities are among the most consequential: a compromised SIEM or vulnerability scanner has privileged visibility across the entire environment it monitors.Sat, 25 Apr 2026 00:00:00 GMTcrowdstriketenablesiemvulnerability-scannerssrfprivilege-escalationhttps://cipherwatch.io/articles/2026-04-24-cisa-kev-quest-kace-kentico-zimbra-april-2026/https://cipherwatch.io/articles/2026-04-24-cisa-kev-quest-kace-kentico-zimbra-april-2026/CISA's April 2026 KEV additions include a CVSS 10.0 unauthenticated SQL injection in Quest KACE Systems Management Appliance, active exploitation of Kentico Xperience CMS, and Zimbra Collaboration Suite vulnerabilities. Federal agencies have a May 4 remediation deadline; enterprise organisations should treat confirmed KEV additions as indicators of active attacker tooling and prioritise these systems immediately.Fri, 24 Apr 2026 00:00:00 GMTcisa-kevquest-kacezimbrakenticovulnerability-managementactively-exploitedpatch-managementhttps://cipherwatch.io/articles/2026-04-23-gentlemen-ransomware-systembc-c2-seized-gpo-deployment/https://cipherwatch.io/articles/2026-04-23-gentlemen-ransomware-systembc-c2-seized-gpo-deployment/Check Point Research's analysis of a seized SystemBC command-and-control server linked to The Gentlemen ransomware operation exposed 1,570+ victim IP addresses and documented the group's use of Group Policy Objects to deploy ransomware domain-wide. GPO-based distribution is a forensic marker that attackers achieved Domain Admin access days before encryption — defenders should treat it as an indicator of extended dwell time, not a starting point.Thu, 23 Apr 2026 00:00:00 GMTransomwarethreat-intelligencesystembcc2-infrastructuregpo-abusedetectionthreat-huntinghttps://cipherwatch.io/articles/2026-04-21-cisa-kev-april-20-papercut-teamcity-cisco-sdwan/https://cipherwatch.io/articles/2026-04-21-cisa-kev-april-20-papercut-teamcity-cisco-sdwan/CISA's April 20 Known Exploited Vulnerabilities addition is the largest single-day batch this month, confirming active exploitation across enterprise print management, CI/CD pipelines, content management, and Cisco SD-WAN infrastructure. The batch spans CVE publication years from 2023 to 2026, demonstrating that unpatched legacy vulnerabilities continue to be weaponised alongside newly disclosed flaws. Federal agencies face a BOD 22-01 remediation deadline, and private sector organisations should treat these as immediate prioritisation signals.Tue, 21 Apr 2026 00:00:00 GMTcisa-kevpapercutteamcitycisco-sdwanvulnerability-managementactively-exploitedpatch-prioritisationquest-kacekenticohttps://cipherwatch.io/articles/2026-04-17-nist-nvd-enrichment-overhaul-vulnerability-assessment/https://cipherwatch.io/articles/2026-04-17-nist-nvd-enrichment-overhaul-vulnerability-assessment/NIST has announced it will no longer enrich every CVE record in the National Vulnerability Database, shifting to a risk-based model that prioritises only the most critical submissions. With CVE volumes up 263% since 2020 and the NVD backlog now officially unresolvable, security teams that rely on NVD CVSS scores and CPE data for vulnerability prioritisation must urgently adapt their tooling and workflows.Fri, 17 Apr 2026 00:00:00 GMTnvdnistcvssvulnerability-managementcvepatch-prioritisationhttps://cipherwatch.io/articles/2026-04-13-cisa-kev-legacy-microsoft-cves-storm-1175-exploitation/https://cipherwatch.io/articles/2026-04-13-cisa-kev-legacy-microsoft-cves-storm-1175-exploitation/CISA has added seven vulnerabilities to the Known Exploited Vulnerabilities catalogue, including four Microsoft flaws spanning from 2012 to 2025 being actively leveraged by the Storm-1175 ransomware group. The additions highlight a persistent patching blind spot: vulnerabilities patched years ago that never made it into legacy system maintenance cycles, now routinely weaponised for initial access and privilege escalation.Mon, 13 Apr 2026 00:00:00 GMTcisa-kevpatch-managementstorm-1175medusamicrosoftexchangefortinetadobelegacy-vulnerabilitiesvulnerability-managementhttps://cipherwatch.io/articles/2026-04-10-cisa-cisco-sdwan-hunt-hardening-guidance/https://cipherwatch.io/articles/2026-04-10-cisa-cisco-sdwan-hunt-hardening-guidance/CISA has issued supplemental hunt-and-hardening guidance for Cisco Catalyst SD-WAN systems under Emergency Directive 26-03, providing defenders with specific indicators to look for in environments exposed to CVE-2026-20127 — a CVSS 10.0 authentication bypass exploited since 2023. Organisations running Cisco SD-WAN infrastructure should treat this guidance as a mandatory compromise assessment checklist.Fri, 10 Apr 2026 00:00:00 GMTciscosd-wancisaemergency-directivecompromise-assessmentthreat-huntingcvss-10authentication-bypasshttps://cipherwatch.io/articles/2026-04-02-march-vulnerability-prioritisation-enterprise-patch-guidance/https://cipherwatch.io/articles/2026-04-02-march-vulnerability-prioritisation-enterprise-patch-guidance/March 2026's Patch Tuesday addressed 83 vulnerabilities including three critical Office RCEs, an Active Directory privilege escalation now in CISA's KEV catalogue, and a Kerberos security feature bypass. Add three separate CISA KEV additions throughout the month — F5 BIG-IP, Citrix NetScaler, and Active Directory — and security teams are managing a substantial patching backlog entering April. This analysis cuts through the volume to identify where to focus.Thu, 02 Apr 2026 00:00:00 GMTvulnerability-managementpatch-tuesdaycisa-kevprioritisationmicrosoftenterprisehttps://cipherwatch.io/articles/2026-03-29-nist-sp800-81-3-dns-security-guidance/https://cipherwatch.io/articles/2026-03-29-nist-sp800-81-3-dns-security-guidance/NIST released an updated edition of Special Publication 800-81, its foundational guidance on securing the Domain Name System, as DNS-based attacks and abuse techniques have evolved significantly since the previous version. The new SP 800-81-3 expands coverage of DNS-over-HTTPS, DNSSEC deployment best practices, DNS-based threat detection, and resilience against cache poisoning variants. Security teams should use this revision to audit current DNS architecture against current recommendations.Sun, 29 Mar 2026 00:00:00 GMTnistdnsdnssecsp800-81dns-over-httpsdohsecurity-assessmentarchitecture-reviewdns-poisoning