Tag
#kev
6 posts tagged #kev.
-
Analysis · May 22, 2026 · Colten Anderson
Your antivirus runs as SYSTEM, and that's the whole story
Two actively exploited Defender zero-days look like 'the AV is broken.' The pattern underneath is older and more boring: the scanner has run unsandboxed as SYSTEM for a decade, and that makes it a target, not a sentinel.
-
Field Note · May 15, 2026 · Colten Anderson
A defensible software inventory you can build with the tools you already have
PowerShell, dpkg, system_profiler, Nmap, and a git repo will produce a weekly software inventory that joins cleanly against the CISA KEV catalog. Here are the parts that look right and aren't.
-
Field Note · May 15, 2026 · Colten Anderson
A 30-minute Patch Tuesday triage you can actually run
How to get from 150 CVEs to the 4-8 that change your week, using only public signals and a clock.
-
Analysis · May 14, 2026 · Colten Anderson
Does this CVE actually apply to you? Three filters before you patch
Single-score triage fails in both directions: 10.0s that don't apply, 4.3s that get exploited for 13 days. Three filters reduce the queue.
-
Analysis · May 10, 2026 · Colten Anderson
Array Networks patched in a week and forgot to build a security program
CVE-2023-28461 is a CVSS 9.8 auth bypass on an SSL VPN that Earth Kasha was already exploiting. The fix shipped fast. The disclosure infrastructure around it doesn't exist.
-
Analysis · May 8, 2026 · Colten Anderson
Your LiteLLM proxy needs to be on 1.83.10 by May 11
CISA gave a three-day deadline on a pre-auth SQL injection in LiteLLM. The patch is one version bump; the rotation work after it is the real job.