Cybersecurity news, analyzed for practitioners.
Vulnerability disclosures, incident reporting, and threat intelligence. Multi-source verified. From the Suriq Research Desk.
FortiSandbox Under Attack: The Box That Catches Malware Is Now the Way In
Three critical FortiSandbox flaws are under active exploitation, two unauthenticated and one patched a week ago. Why a compromised malware sandbox blinds your
Three requests, no password, a webshell: the JCE flaw hitting Joomla hosts now
Unauthenticated RCE (CVSS 10, CVE-2026-48907) in JCE, the most-installed Joomla editor. KEV-listed and exploited. Patch to 2.9.99.6 and hunt for webshells.
A Linux backdoor moved into the Windows kernel, and the detection window closes at driver load
SprySOCKS, a China-nexus Linux backdoor, now ships a Windows kernel-driver variant that hides itself from the host. Here is where defenders can still catch it.
LiteSpeed's cPanel plugin gave shared-hosting tenants root twice in 2026. CageFS didn't help.
CVE-2026-54420 and CVE-2026-48172 let shared-hosting tenants reach root through the LiteSpeed cPanel plugin. Why CageFS isolation failed and what to patch now.
Awesome Motive's WordPress CDN backdoor only fired for logged-in admins. Your scanner missed it.
OptinMonster, TrustPulse and PushEngage served a backdoor that ran only for logged-in WordPress admins, evading visitor scanners. How to scope and hunt it.
SearchLeak in Microsoft 365 Copilot: prompt injection as a new door to old bugs
SearchLeak chained prompt injection, an HTML render race, and Bing SSRF to steal Microsoft 365 Copilot data in one click. What it means for detection.
Why we built Suriq on Wazuh instead of writing our own detection engine
Suriq runs on Wazuh because a detection engine is a decade of decoders, CVE feeds, and agents you should never rebuild. Here is the reasoning behind the bet.
Ivanti Sentry's CVE-2026-10520: patch the gateway, then hunt for the breach
Ivanti Sentry CVE-2026-10520 is an unauthenticated root RCE under active attack. CISA's new 3-day patch rule applies, and many gateways were breached before they were patched, so patching alone is not enough.
PeopleSoft's PSEMHUB zero-day turns the patch service into the breach
CVE-2026-35273 sits in PeopleSoft's Updates Environment Management module. Mandiant ties active exploitation to ShinyHunters, with 100+ orgs already breached.
Velvet Ant's PAM-OpenSSH decade is an auth-stack blind spot, not a Linux bug
Sygnia found nine backdoored pam_unix.so variants and four trojanized OpenSSH binaries on one victim. Why auth-stack integrity is the SIEM-invisible gap.
Ready to meet the Guardians?
Deploys fast - agentless for monitoring and cloud, a lightweight agent for deep endpoint security. Just Suriq, standing watch.