> infrastructure security
for people who build things
Tracking vulnerabilities, supply chain attacks, and threat intelligence that matters to engineers running real infrastructure.
F5 BIG-IP APM Flaw Silently Upgraded from DoS to RCE — Now Actively Exploited
A five-month-old F5 BIG-IP APM bug just got reclassified from denial-of-service to pre-auth RCE. Attackers didn't wait for the memo.
Chrome Zero-Day CVE-2026-5281: WebGPU Use-After-Free Under Active Exploitation
Google patches fourth Chrome zero-day of 2026 — a use-after-free in the Dawn WebGPU implementation that enables arbitrary code execution via crafted HTML pages.
CVE-2026-20127: Cisco SD-WAN Zero-Day Exploited for Three Years Before Disclosure
UAT-8616 abused a CVSS 10.0 auth bypass in Cisco Catalyst SD-WAN Controller and Manager since 2023, inserting rogue control-plane peers and escalating to root via a deliberate version-downgrade chain. Cisco disclosed in late February.
Axios npm Hijacked: Compromised Maintainer Account Drops Cross-Platform RAT in 100M-Download Package
DPRK-linked UNC1069 compromised the axios npm maintainer's account and published two backdoored versions that deployed the WAVESHAPER.V2 RAT to macOS, Windows, and Linux. The package is present in ~80% of cloud environments.
CVE-2026-3055: NetScaler SAML IDP Memory Overread Is Under Active Recon — Patch Before April 2
Attackers are actively probing Citrix NetScaler ADC/Gateway for CVE-2026-3055, a CVSS 9.3 memory overread that can leak session tokens from SAML IDP-configured appliances. CISA deadline is April 2.
Cisco FMC Zero-Day Exploited by Interlock Ransomware for 36 Days Before Disclosure
CVE-2026-20131 scores a perfect CVSS 10.0. Interlock ransomware had 36 days of free rein before Cisco went public.
CanisterWorm and GlassWorm: Two Independent Supply Chain Attacks Using Blockchain as C2
Both attacks use blockchain infrastructure — ICP and Solana respectively — as command-and-control channels. Trivy itself was compromised.
CrackArmor: Nine AppArmor Flaws Enable Container Escape on Debian, Ubuntu, and SUSE
Every Kubernetes node running these distros is potentially exposed. Root escalation from within containers confirmed.
Three Chrome Zero-Days Patched in March Alone — What's Driving the Surge
Google patched three actively exploited Chrome zero-days this month. The browser attack surface is expanding faster than it's being hardened.