Tag

#secure-by-design

2 posts tagged #secure-by-design.

Analysis · May 17, 2026 · Colten Anderson

Three CitrixBleeds in 30 months is not a streak, it is a code surface

CVE-2026-3055 is the third pre-auth memory disclosure in NetScaler's authentication stack in 30 months. Citrix says they are unrelated. The endpoints, the class, and the exploitation tempo say otherwise.
Analysis · May 8, 2026 · Colten Anderson

Ivanti Connect Secure: the perimeter that keeps breaking

Five KEV-listed Ivanti Connect Secure bugs in fifteen months, all ransomware-tagged, all on the unauthenticated path. The pledge bought goodwill. The code did not change.