Start with what matters now.
Track the current KEV landscape, jump into the newest year, and read analysis that explains why certain vendors and products keep getting hit.
GrapheneOS: A Hardened Android for High-Risk Users
Android zero-days in the CISA KEV catalog show that mobile devices are prime targets for sophisticated threat actors. GrapheneOS is a hardened Android distribution built for users who cannot afford to be compromised — journalists, activists, lawyers, and anyone facing a serious personal threat model.
Latest from 2026
CVE-2026-10520
Ivanti Sentry — Pre-Auth OS Command Injection via Unauthenticated MICS Configuration Endpoint
CVSS 10CVE-2026-20182
Cisco Catalyst SD-WAN — Unauthenticated Remote Auth Bypass via vdaemon DTLS vHub Device-Type Confusion
CVSS 10CVE-2026-20131
Cisco Secure Firewall Management Center (FMC) — Unauthenticated Remote Code Execution via Java Deserialization
CVSS 10CVE-2026-20127
Cisco Catalyst SD-WAN — CVSS 10.0 Peering Authentication Bypass Enabling Fabric-Wide NETCONF Access, Exploited by UAT-8616 Since 2023
CVSS 10CVE-2026-22769
Dell RP4VMs — Hard-coded Tomcat admin credentials allow unauthenticated root access; exploited by PRC-nexus UNC6201
CVSS 10CVE-2026-35273
Oracle PeopleSoft Enterprise PeopleTools — Pre-Auth SSRF/RCE via Unauthenticated PSEMHUB Endpoint, Exploited by ShinyHunters
CVSS 9.8Browse by year
More reporting and context
Attacking the Defenders: The Persistent Pattern of AV and EDR Products in CISA KEV
18 KEV entries across Microsoft Defender, Trend Micro Apex One/OfficeScan, McAfee, and Sophos from 2019 to 2026 reveal three recurring attack patterns: exploit the scan engine, compromise the management console, and blind-then-escalate. The structural reasons keep repeating.
📰 Defense GuideUpgrade to OpenSSH 10.3 on Client and Server for Post-Quantum SSH
Upgrade-focused SSH post-quantum rollout guide targeting OpenSSH 10.3 on both client and server.
📰 Defense GuideSSH Keys and Jump Servers: A Beginner's Guide to Doing It Right
Copying your private SSH key onto a jump server is a common mistake that turns any local privilege escalation — like CVE-2026-31431 — into a full breach of every host behind it. This guide explains what SSH keys are, why your private key must never leave the machine that generated it, and how to connect through a jump server without putting your key at risk.
📰 Defense GuideHardening the Linux Kernel: Defense in Depth Against Privilege Escalation
Copy Fail demonstrated that Linux kernel privilege escalation flaws can sit undetected for nearly a decade. The Kernel Self Protection Project provides a systematic hardening baseline that raises the cost of exploitation across entire vulnerability classes — not just individual CVEs.
📰 EducationLandmark CVEs: Seventeen Vulnerabilities That Defined a Decade of Security
From Shellshock to MOVEit, seventeen named vulnerabilities tell the same story over and over: a forgotten service, a trusted dependency, a perimeter device, or a broken authentication assumption becomes the way in. This is a guide for anyone new to cybersecurity who wants to understand what real attacks look like and why they keep succeeding.
📰 Threat ClusterThe WAN Control Plane as a Target: Cisco SD-WAN and the UAT-8616 Campaign (2023–2026)
Five CVEs across two exploitation waves — a CVSS 10.0 zero-day active since 2023, a re-weaponised four-year-old privilege escalation, and a three-CVE zero-credential-to-admin chain added with a three-day CISA deadline — document an adversary with protocol-level knowledge of Cisco SD-WAN systematically compromising enterprise WAN management planes.
📰 Threat ClusterZimbra's Persistent XSS Problem: Nation-State Actors and the Classic UI (2022–2026)
Seven Zimbra XSS CVEs across four years — all hitting the same Classic UI HTML sanitizer — exploited by Greek, Belarusian, Russian, Vietnamese, and Pakistani nation-state actors for email intelligence collection. Why the vulnerability keeps recurring, and what the exploitation pattern reveals about webmail as intelligence infrastructure.
📰 Threat ClusterWhy Ivanti EPMM and EPM Became a Persistent Exploitation Target (2023–2026)
Seventeen Ivanti CVEs across EPMM, EPM, EPM CSA, and Sentry — plus sustained parallel exploitation in Fortinet FortiClient EMS and LANSCOPE endpoint management platforms — show a management-plane attack pattern spanning six years.