
Emerging Threat: (CVE-2026-53721) Nuxt Route-Rule Middleware Bypass via Case-Sensitivity Mismatch

CVE-2026-53721 is a route-rule middleware bypass in Nuxt, the open-source web development framework for Vue.js. It stems from a case-sensitivity mismatch between vue-router and the framework’s routeRules matcher, which lets an attacker reach a protected route by varying the casing of the request path. The vulnerability carries a CVSS v4.0 base score of 8.8 (High). Exploitation is pre-authentication and requires no user interaction.

Emerging Threat: (CVE-2026-49975) Apache HTTP Server Denial of Service via HTTP/2 Memory Exhaustion

CVE-2026-49975 is a memory exhaustion vulnerability in the mod_http2 module of Apache HTTP Server that allows a remote attacker to cause a denial of service through maliciously crafted HTTP/2 requests. It is classified as CWE-789, Memory Allocation with Excessive Size Value, and was publicly disclosed as part of an attack technique nicknamed the “HTTP/2 Bomb.” The vulnerability carries a CVSS v3.1 base score of 7.5 (High).

Sedara: Inside the Attack Surface - What to Expect in Your First 30 Days

See what actually happens after deploying Attack Surface Management. In this first session of Sedara: Inside the Attack Surface, we walk through what organizations typically experience during the first 30 days of ASM deployment, from integrations and asset discovery to early detections, identity exposure, and remediation priorities. Learn how teams improve visibility, reduce exposure, and take a more proactive approach to cybersecurity.

Emerging Threat: (CVE-2026-0257) PAN-OS GlobalProtect Authentication Bypass via Forged Override Cookies

CVE-2026-0257 is an authentication bypass vulnerability in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS software that lets a remote attacker forge an authentication override cookie and establish an unauthorized VPN connection. The vulnerability carries a CVSS base score of 7.8 (High). It is tracked under CWE-565, reliance on cookies without validation and integrity checking. Exploitation is unauthenticated and requires no user interaction.

EASM Buyer's Guide 2026: How to Choose the Right Solution for Your Organization

Your external attack surface is bigger than you think, and probably bigger than it was last quarter. Cloud sprawl, third-party integrations, abandoned subdomains, and shadow IT all add up to an internet-facing footprint that’s hard to track manually. External attack surface management (EASM) tools give security teams continuous visibility over that footprint, from the same vantage point an attacker would use.

Emerging Threat: (CVE-2026-48172) LiteSpeed cPanel Plugin Privilege Escalation to Root

CVE-2026-48172 is an incorrect privilege assignment flaw in the LiteSpeed User-End cPanel Plugin that allows any authenticated cPanel user to execute arbitrary scripts as root. The bug sits in the plugin's lsws.redisAble function, which can be invoked through the standard cPanel JSON API to run code with elevated privileges instead of the calling user's own. The vulnerability carries a CVSS v4.0 base score of 10.0 (Critical).

Emerging Threat: (CVE-2026-9082) Drupal Core SQL Injection on PostgreSQL

CVE-2026-9082 is an unauthenticated SQL injection vulnerability in Drupal core's database abstraction API, in the path that handles EntityQuery conditions against PostgreSQL backends. User-controllable PHP array keys reach SQL placeholder construction without sanitization, letting a remote attacker inject arbitrary SQL by sending crafted HTTP requests to a vulnerable site. The vulnerability carries a CVSS v3.1 base score of 6.5 (Medium) per NVD.