Vendors
Windows, Exchange, Outlook, Azure, and the patch cycle.
Vulnerabilities and patches across Windows, Exchange Server, Outlook, Active Directory, and Azure — including Patch Tuesday triage and zero-days under active exploitation.
IOS XE, ASA, and edge-device exploitation.
Vulnerabilities in Cisco IOS XE, ASA, and other network infrastructure — the gear that, when compromised, hands attackers the keys to entire networks.
Connect Secure, Policy Secure, and VPN appliance flaws.
Coverage of Ivanti Connect Secure, Policy Secure, and related edge VPN appliance vulnerabilities — a recurring target for nation-state and ransomware actors alike.
NetScaler ADC, Gateway, and session-hijack flaws.
Citrix NetScaler ADC and Gateway vulnerabilities, including session-hijacking flaws like Citrix Bleed that bypass MFA entirely.
Confluence, Jira, and collaboration-suite exploitation.
Vulnerabilities in Atlassian Confluence, Jira, and Bitbucket — frequent ransomware-precursor targets due to the sensitive internal documentation they host.
PAN-OS, GlobalProtect, and firewall zero-days.
PAN-OS and GlobalProtect vulnerabilities affecting Palo Alto Networks firewalls — perimeter devices where a single command-injection flaw can mean full network compromise.
FortiOS, FortiGate, and FortiProxy perimeter flaws.
Vulnerabilities in FortiOS, FortiGate, and FortiProxy — the firewall and SSL-VPN appliances that sit at the network edge, making a single auth-bypass or overflow bug a direct path to full network compromise.
BIG-IP and iControl REST management-plane flaws.
Vulnerabilities in F5 BIG-IP's iControl REST and TMUI management interfaces — application-delivery controllers whose compromise typically hands attackers control of the load-balanced traffic behind them.
vCenter, ESXi, and Spring Framework RCE flaws.
Vulnerabilities in VMware vCenter Server, ESXi, and the Spring Framework, which VMware stewards — virtualization and application infrastructure whose compromise can mean full control of an organization's entire virtual estate.
WinRAR archive-handling and path-traversal flaws.
Vulnerabilities in RARLAB's WinRAR, the ubiquitous Windows archive utility — bugs here are attractive to attackers because a single malicious archive can compromise any of WinRAR's hundreds of millions of installs.
Email Security Gateway appliance flaws.
Vulnerabilities in Barracuda Networks' Email Security Gateway appliances — internet-facing mail-scanning devices that, once compromised, gave attackers a foothold that in one case survived even after patching.
GitLab CE/EE RCE and access-control flaws.
Vulnerabilities in GitLab Community and Enterprise Edition — the DevOps platform that, when compromised, can expose an organization's entire source code history and CI/CD pipeline secrets.
Log4j and other Apache Software Foundation project flaws.
Vulnerabilities in Apache Software Foundation projects — most notably Log4j, the ubiquitous Java logging library whose Log4Shell flaw became one of the most widely exploited vulnerabilities in internet history.