Founder DoGood Founder LaptopReturn.com
May 4, 2026
•
2 min read
Four CVEs hit KEV last week. All four were exploited before disclosure. cPanel had a two-month silent zero-day window.
May 1, 2026
3 min read
A 13-year-old Apache ActiveMQ RCE found with AI. A Marimo flaw weaponized within 10 hours. The CVE clock just broke.
Apr 29, 2026
Four network members rationalized four different categories in one week. Then ServiceNow closed Armis.
Apr 27, 2026
ShinyHunters' ADT deadline hits today. Bitwarden CLI poisoned on npm. SimpleHelp flagged by CISA.
Apr 24, 2026
NIST just stopped enriching most CVEs. KEV is the new priority signal. Plus: two Defender zero-days unpatched.
Apr 22, 2026
Cloud observability is the #1 new buying category across the network. Q2 rate is 3.7x Q1.
Apr 17, 2026
Microsoft buried two zero-click RCEs in its second-largest Patch Tuesday ever. Plus: Cisco ISE hits 9.9.
Apr 15, 2026
1 in 4 IT leader priorities mention AI. The shift: from adoption to governance and control.
Apr 10, 2026
6 min read
APT28 hijacked 18,000 routers across 120 countries to spoof Outlook logins. Plus: a FortiClient EMS zero-day.
Apr 8, 2026
Incumbent dissatisfaction has doubled since December. Across the network, renewals are no longer renewals.
Apr 6, 2026
React2Shell harvests cloud secrets at scale. Cisco IMC opens admin access. CISA's AI deadline lands Wednesday.
Apr 3, 2026
5 min read
North Korea backdoored the most popular JavaScript HTTP library. Plus: Oracle, Citrix, and Chrome zero-days.
Apr 1, 2026
DLP, DSPM, and data classification are surging across the network. Two months ago, identity held this spot.
Mar 30, 2026
F5 reclassified a 5-month-old flaw as full RCE. Plus: supply chain attacks widen, and AI agents need identity governance.
Mar 27, 2026
4 min read
Interlock ransomware owned Cisco FMC for over a month before anyone noticed. Plus: a California city goes dark, and Teams becomes a vishing weapon.
Mar 25, 2026
1 in 5 member priorities this month reference AI — and the gap everyone's trying to close is visibility.
Mar 23, 2026
Stryker's 80K-device wipe, a backdoored vulnerability scanner, and 400 Salesforce orgs breached. Your week ahead.
Mar 20, 2026
The real story isn't the CVE. It's what the disclosure timeline tells you about your detection assumptions.
Mar 13, 2026
7 min read
Plus: FortiGate configs are handing attackers your AD keys. Office Preview Pane executes code without a click.
Mar 6, 2026
Plus: 40% of breaches required no authentication. Your Google Calendar is a C2 channel.
Feb 27, 2026
Plus: BeyondTrust's second critical RCE in a year. CISA at 38% capacity.
Feb 20, 2026
Plus: Copilot turns attack vector. Chrome's first zero-day of 2026.
Feb 13, 2026
Plus: First malicious Outlook add-in. Apple's first zero-day of 2026.
Jan 30, 2026
Fortinet disabled cloud SSO, an Office zero-day bypassed warnings, and 72M consumer records hit the dark web.
Jan 23, 2026
Plus: AI assistants leaking data and why hiring just became an identity risk.
