Tag

#silent-patching

2 posts tagged #silent-patching.

Analysis · May 8, 2026 · The Commentary Desk

Five critical Fortinet CVEs in 28 months is not a streak of bad luck

Three heap overflows, two auth bypasses, all pre-auth, all ransomware-linked. The pattern in FortiOS and FortiProxy is structural, and patching alone has not been enough to remove attacker access.
Analysis · May 5, 2026 · The Field Notes Desk

SmarterMail fixed a CVSS 10 and told no one for two months

CVE-2025-52691 is a pre-auth RCE in SmarterMail's file upload API. SmarterTools patched it silently in October 2025 with no CVE, no advisory, and release notes that said 'critical security fixes.' watchTowr found the silent fix two months later. Here's why that matters.