Steve Zurier

Drupal bug added to CISA list of known exploited vulnerabilities

• patchconfiguration-management
• vulnerability-management

Drupal bug added to CISA list of known exploited vulnerabilities

Steve Zurier May 26, 2026

Drupal SQL injection flaw CVE-2026-9082 added to CISA KEV as active attacks target sites.

Read More Read more about Drupal bug added to CISA list of known exploited vulnerabilities

Cisco patches critical 10.0 flaw in Secure Workload APIs

• patchconfiguration-management
• vulnerability-management

Cisco patches critical 10.0 flaw in Secure Workload APIs

Steve Zurier May 22, 2026

Cisco patches critical 10.0 API flaw in Secure Workload platform.

Read More Read more about Cisco patches critical 10.0 flaw in Secure Workload APIs

Senator urges classified briefing after CISA data leak on GitHub

Senator urges classified briefing after CISA data leak on GitHub

Steve Zurier May 21, 2026

A GitHub leak exposed CISA credentials, sparking concerns over secrets management and leadership.

Read More Read more about Senator urges classified briefing after CISA data leak on GitHub

New Mini Shai-Hulud attack targets npm ecosystem

• decentralized-identity-and-verifiable-credentials
• identity

New Mini Shai-Hulud attack targets npm ecosystem

Steve Zurier May 20, 2026

Mini Shai-Hulud campaign hits 323 npm packages, GitHub Actions and VS Code tools.

Read More Read more about New Mini Shai-Hulud attack targets npm ecosystem

Critical bug in F5 NGINX actively exploited

• patchconfiguration-management
• vulnerability-management

Critical bug in F5 NGINX actively exploited

Steve Zurier May 18, 2026

Experts raise concerns because NGINX runs in front of one-third of al website worldwide.

Read More Read more about Critical bug in F5 NGINX actively exploited

IBM executive floated for CISA director as concerns persist for agency

IBM executive floated for CISA director as concerns persist for agency

Steve Zurier May 18, 2026

Cybersecurity leaders warn weakened CISA could hurt AI-era defense and threat response.

Read More Read more about IBM executive floated for CISA director as concerns persist for agency

10.0 Cisco Catalyst SD-WAN Controller bug added to CISA’s KEV list

• patchconfiguration-management
• vulnerability-management

10.0 Cisco Catalyst SD-WAN Controller bug added to CISA’s KEV list

Steve Zurier May 15, 2026

Maximum-severity bug an authentication bypass flaw that’s considered the highest value target in an attacker’s playbook.

Read More Read more about 10.0 Cisco Catalyst SD-WAN Controller bug added to CISA’s KEV list

House committee chair calls on Instructure to testify in Canvas hack

• decentralized-identity-and-verifiable-credentials
• identity

House committee chair calls on Instructure to testify in Canvas hack

Steve Zurier May 13, 2026

ShinyHunters hit Canvas twice, exposing student data via XSS and identity compromise.

Read More Read more about House committee chair calls on Instructure to testify in Canvas hack

‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages

• application-security
• decentralized-identity-and-verifiable-credentials
• identity
• supply-chain

‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages

Steve Zurier May 12, 2026

Teams warn the latest Shai-Hulud wave weaponizes trusted OIDC tokens to bypass package integrity checks.

Read More Read more about ‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages

SailPoint GitHub repo hit by third-party cyberattack

• application-security
• decentralized-identity-and-verifiable-credentials
• identity
• supply-chain

SailPoint GitHub repo hit by third-party cyberattack

Steve Zurier May 11, 2026

SailPoint says GitHub repo breach exposed no customer data or production systems.

Read More Read more about SailPoint GitHub repo hit by third-party cyberattack