Tag

#disclosure

3 posts tagged #disclosure.

Analysis · May 10, 2026 · The Commentary Desk

Array Networks patched in a week and forgot to build a security program

CVE-2023-28461 is a CVSS 9.8 auth bypass on an SSL VPN that Earth Kasha was already exploiting. The fix shipped fast. The disclosure infrastructure around it doesn't exist.
Analysis · May 6, 2026 · The Field Notes Desk

CrushFTP chose the narrative over its customers

CrushFTP tried to keep a CVSS 9.8 auth bypass quiet. The disclosure mess that followed — two CVEs, public PoC code, CEO threats — helped attackers move faster.
Analysis · May 5, 2026 · The Field Notes Desk

Oracle blamed its customers for a zero-day it hadn't patched

Oracle's first public statement during active Cl0p exploitation told customers the breach was their fault for not applying a patch that didn't exist. The correction came Saturday night, behind a paywall.