Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2026-45185, nicknamed Dead.Letter, is a use-after-free vulnerability in the BDAT message body parsing path of Exim, the open-source Mail Transfer Agent that runs a large share of the internet's email servers. The flaw lives in the GnuTLS-backed TLS path, where Exim can free its internal transfer buffer during a TLS shutdown while the SMTP state machine still holds a reference to it.

May the 4th be with you. In celebration of Star Wars Day, here's what a galaxy far, far away can teach us about security. The films work surprisingly well as a case study, and not in the obvious way. It's not the lasers, androids or the lightsabers. It's that the Empire and the First Order both fall into the same trap most security programs walk into every day. In this post, we'll walk through what the films get right about modern security challenges, how AI is making them worse, and what to do about it.

CVE-2026-41940 is a pre-authentication remote authentication bypass in cPanel and WHM caused by a CRLF (Carriage Return Line Feed) injection in the login and session handling logic. An unauthenticated remote attacker can inject raw \r\n characters into a malicious basic authorization header, which cpsrvd then writes into a session file without sanitization.

CVE-2026-3854 is a command injection vulnerability in GitHub Enterprise Server. It lives in the git push pipeline. User-supplied push option values were not properly sanitized before being embedded in an internal service header. The header format used a delimiter that could also appear in user input. A crafted push option containing that delimiter let an attacker inject additional metadata fields. Downstream services treated those fields as trusted internal values.

CVE-2026-40372 is an elevation of privilege vulnerability in ASP.NET Core caused by improper verification of cryptographic signatures in the Data Protection library. The flaw sits in the HMAC validation routine of the managed authenticated encryptor, where a defective comparison lets an attacker submit a forged payload that the application accepts as legitimately signed. The vulnerability carries a CVSS v3.1 base score of 8.1 (Important), as assigned by Microsoft in the official advisory.

CVE-2026-29145 is an authentication bypass flaw in Apache Tomcat and Apache Tomcat Native affecting the CLIENT_CERT authentication path. When OCSP soft-fail is disabled, certain code paths fail to treat an OCSP check failure as a hard authentication failure, allowing a connecting client to reach protected resources without presenting a valid, revocation-checked certificate.

CVE-2026-23869 is a denial of service vulnerability in React Server Components, caused by improper handling of cyclic data structures during deserialization of incoming HTTP requests. The vulnerability resides in the React Flight protocol's server-side reply handling, specifically in the createMap, createSet, and extractIterator functions within ReactFlightReplyServer.js. The vulnerability carries a CVSS v3.1 base score of 7.5 (High). Exploitation requires no authentication and no user interaction.

A few weeks ago the world was exposed to Mythos, Anthropic's new frontier model and the Project Glasswing announcement that came with it. The reaction across the industry was immediate. Cybersecurity stocks fell sharply. The Treasury Secretary convened an emergency meeting with major bank CEOs. 250 CISOs produced a response playbook over a single weekend. That is not a typical announcement or a PR "leak". That is a reckoning. Then, about a week later, I came across MOAK.

CVE-2026-27876 is an arbitrary file write vulnerability in Grafana's sqlExpressions feature that can be chained with a Grafana Enterprise plugin to achieve remote code execution (RCE) on the underlying host. The flaw exists because Grafana's SQL expressions feature permits writing arbitrary files to the server filesystem. An attacker can exploit this to overwrite a Sqlyze driver or write an AWS data source configuration file, ultimately obtaining an SSH connection to the Grafana host.

CVE-2026-20093 is an authentication bypass vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC), caused by improper input validation (CWE-20) in how the IMC XML API processes password modification requests. The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical). Exploitation is fully pre-authentication and requires no privileges and no user interaction.