
SolarWinds Serv-U Zero-Day Exploited — Patch Now
SolarWinds Serv-U zero-day exploited via unauthenticated POST. C0XMO botnet targets DD-WRT routers. Meta AI tool hijacks 20K Instagram accounts.
Posts

Containment is a trade-off, not a reflex. When network isolation is wrong, when pulling the plug destroys your case, and the decision matrix for choosing the …

A practical template for writing an incident response playbook from scratch — what to include, how to map it to NIST 800-61, roles and RACI, comms templates, …

CVE-2026-20245 gives root on Cisco SD-WAN with no patch available. Plus IronWorm hits 36 npm packages and Five Eyes warns on Chinese recruiter ops.

A first-responder malware triage checklist — what to do in the first 5 minutes of finding a suspicious binary. Static-vs-dynamic decision tree, hashing, …

Cisco Unified CM critical flaw with public PoC exploit code. Plus CISA warns on fuel tank ATG attacks and Miasma npm supply chain compromise hits 32 packages.

NIST SP 800-61 Rev. 2 explained in plain English — the four-phase incident response lifecycle, what each phase actually means in practice, and the mistakes that …

HTTP/2 Bomb DoS exploits default configs on NGINX, Apache, IIS, and Envoy. Plus Acer Wave 7 CVSS 10.0 zero-days and a VS Code GitHub token stealer.

Memory forensics with Volatility 3 — capture, profile selection, pslist, malfind, netscan, hivelist, and a 30-minute first-investigation walkthrough.

EXIF metadata for forensic examiners — GPS coordinates, camera serial, software signature, real-case examples, and how attackers strip it.