Tag

#KEV

2 posts tagged #KEV.

Analysis · May 8, 2026 · The Commentary Desk

Five critical Fortinet CVEs in 28 months is not a streak of bad luck

Three heap overflows, two auth bypasses, all pre-auth, all ransomware-linked. The pattern in FortiOS and FortiProxy is structural, and patching alone has not been enough to remove attacker access.
Analysis · May 6, 2026 · The Field Notes Desk

CrushFTP chose the narrative over its customers

CrushFTP tried to keep a CVSS 9.8 auth bypass quiet. The disclosure mess that followed — two CVEs, public PoC code, CEO threats — helped attackers move faster.