PatchDayAlert
Subscribe →

Free · Wednesday mornings

The weekly digest. Straight to your inbox.

Written for sysadmins. Not security researchers. Not CISOs. You: the person who just got 12 CISA tickets assigned with zero context and is expected to triage them by lunch.

One issue, every Wednesday. The week Microsoft ships Patch Tuesday, it's in the same issue.

New subscribers get the CVE triage cheat sheet, a printable one-pager for triaging fresh CVEs, in the welcome email.

What you get

  1. 01

    Plain-English CVE summaries

    If you can't read a CVE writeup cold and know what to do, the digest is for you. No CVSS jargon dumps.

  2. 02

    Patch urgency in one line

    Patch today, patch this week, or safe to skip. Every entry. No ambiguity about what the ticket needs.

  3. 03

    Exploited-in-the-wild front and center

    CISA KEV catches things NVD-severity alone misses. Anything actively exploited gets flagged before anything else.

  4. 04

    Rare alerts when it can't wait

    Most weeks, Wednesday is soon enough. When something is actively exploited and a fix exists, you get a separate heads-up. Only when it matters, never for filler.

Latest sample issue

Jun 17, 2026 · Subject: Firefox sandbox escape + 4 high-severity patches

Firefox sandbox escape, a Dell RCE, and a Pacemaker crasher walk into your queue

Nothing's on fire, but don't sleep on this one. A Firefox/Thunderbird sandbox escape (CVE-2026-12289, CVSS 8.8) lets attackers escalate privileges through the WebRender graphics component if a user hits a malicious page or opens a crafted email. No exploitation in the wild yet, but the attack surface is huge. Four more high-severity bugs round out the day, including a Dell OpenManage RCE and a Pacemaker cluster crasher.

One item / urgency verdict

Patch this week

CVE-2026-12289

An attacker can escalate privileges through the WebRender graphics component in Firefox and Thunderbird.

Update Firefox to 152 (or ESR 140.12 / ESR 115.37) and Thunderbird to 152 (or ESR 140.12) through your package manager or Mozilla's update channel.

Read the full issue Browse archive