Tag

#memory-safety

3 posts tagged #memory-safety.

Analysis · May 8, 2026 · The Commentary Desk

Five critical Fortinet CVEs in 28 months is not a streak of bad luck

Three heap overflows, two auth bypasses, all pre-auth, all ransomware-linked. The pattern in FortiOS and FortiProxy is structural, and patching alone has not been enough to remove attacker access.
Analysis · May 8, 2026 · The Commentary Desk

Ivanti Connect Secure: the perimeter that keeps breaking

Five KEV-listed Ivanti Connect Secure bugs in fifteen months, all ransomware-tagged, all on the unauthenticated path. The pledge bought goodwill. The code did not change.
Analysis · May 6, 2026 · The Field Notes Desk

Citrix shipped CitrixBleed again

Citrix shipped the same pre-auth memory disclosure bug class it patched in 2023. Same binary, same attack surface, same session token leakage. Its own post-patch guidance still doesn't invalidate the tokens attackers actually steal.