SURIQActive exploitation
Vulnerabilities under attack right now: CISA KEV additions, in-the-wild exploitation, and what to patch first.
Your Splunk box runs a database sidecar you never configured. Attackers use it for root.
CVE-2026-20253 is an unauthenticated RCE in Splunk Enterprise 10.x via a bundled PostgreSQL sidecar. On CISA KEV, exploited now. Patch to 10.0.7 or 10.2.4.
Cisco called this SD-WAN flaw medium. Attackers used it to take root on your WAN.
CVE-2026-20262 is an actively exploited Cisco SD-WAN Manager flaw that escalates a low-privilege login to root. Federal patch deadline is June 29, and why 6.5
FortiSandbox Under Attack: The Box That Catches Malware Is Now the Way In
Three critical FortiSandbox flaws are under active exploitation, two unauthenticated and one patched a week ago. Why a compromised malware sandbox blinds your
Three requests, no password, a webshell: the JCE flaw hitting Joomla hosts now
Unauthenticated RCE (CVSS 10, CVE-2026-48907) in JCE, the most-installed Joomla editor. KEV-listed and exploited. Patch to 2.9.99.6 and hunt for webshells.
LiteSpeed's cPanel plugin gave shared-hosting tenants root twice in 2026. CageFS didn't help.
CVE-2026-54420 and CVE-2026-48172 let shared-hosting tenants reach root through the LiteSpeed cPanel plugin. Why CageFS isolation failed and what to patch now.
Ivanti Sentry's CVE-2026-10520: patch the gateway, then hunt for the breach
Ivanti Sentry CVE-2026-10520 is an unauthenticated root RCE under active attack. CISA's new 3-day patch rule applies; patched gateways were already breached.
Ready to meet the Guardians?
Deploys fast - agentless for monitoring and cloud, a lightweight agent for deep endpoint security. Just Suriq, standing watch.