Patch Tuesday Analysis · May 2026 May 2026 Patch Tuesday: No Zero-Days for the First Time in 23 Months, but Three Unauthenticated 9.8 RCEs in the Queue Microsoft fixes 118 to 138 CVEs depending on methodology, including 16 critical, with no actively exploited or publicly disclosed vulnerability. First Patch Tuesday without a zero-day since June…
Executive Summary The Australian Signals Directorate (ASD) has released Azul, an open-source malware analysis platform designed for large-scale operational environments including national CERTs, government cyber teams, and large enterprise SOCs. Azul provides a structured malware repository, an automated analytical engine derived from reverse engineering workflows, and a clustering framework powered by Opensearch. The platform is…
When I talk about open-source security, I’m not talking ideology—I’m talking measurable trust. The RPM 6.0.0 release (September 22, 2025) finally gives me solid building blocks for what I expect from a modern package system: locking down the trust chain, tracing artifact provenance precisely, and handling key rotations without breaking production. Why this release changes…
On August 6, 2025, Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) sounded the alarm on a newly disclosed high-severity vulnerability affecting Microsoft Exchange Server in hybrid deployment scenarios. Tracked as CVE-2025-53786, the flaw allows a threat actor with administrative access to an on-premises Exchange server to escalate privileges in the organization’s Exchange…
