CVE

CVE-2021-30116

2field notes · 0digests

Field notes

Analysis · May 20, 2026 · analysis-desk
When the build tool, the GitHub Action, and sudo are the vulnerability
tj-actions, a poisoned GitHub Action; Sudo's chroot bug; 7-Zip's Mark-of-the-Web bypass; Git, FreeType, Erlang/OTP, PHPMailer, Vite, jQuery. The developer-tooling and dependency entries are the supply chain itself getting exploited, the layer beneath the apps you ship.
Analysis · May 20, 2026 · The Commentary Desk
Compromise one MSP's RMM, ransom a thousand businesses: the Kaseya pattern
Kaseya VSA is remote-monitoring software MSPs use to manage thousands of client machines. That reach is why it keeps getting attacked, and why in 2021 REvil used it to push ransomware to roughly 1,500 downstream businesses in a single weekend.