CVE-2026-20230: Unauthenticated Critical SSRF and Root Privilege Escalation on Cisco

Introduction Enterprise voice and video communication infrastructures rely heavily on Cisco Unified Communications Manager (Unified CM / CUCM) as a core asset within modern corporate network architectures. Because these unified communications platforms handle sensitive proprietary data, orchestrate internal routing, and connect disparate branch offices, they represent highly attractive targets for sophisticated threat actors looking to establish a persistent foothold. Disclosed by Cisco PSIRT in

CVE-2026-33825 (BlueHammer) – Microsoft Defender Privilege Escalation Vulnerability

CVE-2026-33825 (BlueHammer) – MIcrosoft Defender PrIvIlege EscalatIon VulnerabIlIty

Introduction To achieve the highest level of privileges within an operating system, cyber threat actors frequently target the OS kernel or security software running with full system administrative rights. Discovered under the moniker “BlueHammer,” CVE-2026-33825 is a high-severity vulnerability that directly targets Windows’ native security mechanism, Microsoft Defender. Added by CISA to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active real-world exploitation, this

Exploitation of Ivanti Sentry – OS Command Injection CVE-2026-10520

ExploItatIon of IvantI Sentry - OS Command InjectIon CVE-2026-10520

Introduction Edge gateways that secure and route mobile traffic to back-end corporate networks are primary targets for threat actors due to their perimeter placement. In June 2026, Ivanti released a critical security advisory addressing a pre-authentication OS Command Injection vulnerability in Ivanti Sentry (formerly MobileIron Sentry), tracked as CVE-2026-10520 with a maximum CVSS score of 10.0. This vulnerability allows remote, unauthenticated