CVE

CVE-2024-38094

3field notes · 0digests

Field notes

Analysis · May 20, 2026 · operations-desk
The attacker installed a second antivirus to crash your first one
CVE-2024-38094 is a 7.2. It requires authentication. Most teams filed it below the criticals. It was still the entry point for a two-week, full-domain compromise, and the cleanup tactic was installing rogue antivirus to make the real EDR fall over.
Analysis · May 20, 2026 · analysis-desk
Sitecore CVE-2021-42237: another .NET deserialization RCE in a CMS you forgot was internet-facing
CVE-2021-42237 is an insecure-deserialization RCE in Sitecore XP. It's the same .NET deserialization footgun that keeps showing up in enterprise web apps, on a CMS that often sits forgotten but internet-facing.
Analysis · May 20, 2026 · analysis-desk
The 2024–2026 enterprise-infra bugs, grouped by the mistake that caused them
Oracle WebLogic, SolarWinds Web Help Desk, Citrix Session Recording, Juniper ScreenOS, Outlook, VMware Aria, Brocade, Junos, and more. The recent enterprise-infrastructure entries reduce to the same familiar mechanisms, deserialization, planted credentials, document tricks, broken access control.