Tag
#perimeter-security
3 posts tagged #perimeter-security.
- Analysis · Jun 16, 2026 · Colten Anderson
Sophos has seven CISA KEV entries. Five hit the same management interface.
The User Portal and Webadmin surface runs through SQL injection, buffer overflow, authentication bypass, and code injection across five years. Chinese state actors exploited several of them as zero-days, and the exploitation often started before Sophos knew about the bugs.
- Analysis · May 11, 2026 · Colten Anderson
Cisco is now telling you the patch doesn't clean the box
Cisco's April 23 PSIRT advisory says the ArcaneDoor implant survives upgrading to the September 2025 fixes for CVE-2025-20333 and CVE-2025-20362. Reimage, do not patch.
- Analysis · May 8, 2026 · Colten Anderson
Five critical Fortinet CVEs in 28 months is not a streak of bad luck
Three heap overflows, two auth bypasses, all pre-auth, all ransomware-linked. The pattern in FortiOS and FortiProxy is structural, and patching alone has not been enough to remove attacker access.