Daily Ramblings
Cyber Pulse: Technical Threat Deep Dives on Active CVEs — Ghost CMS SQL Injection Weaponized for ClickFix Poisoning
Intro: CVE-2026-26980 has moved from disclosure to active mass exploitation, with attackers compromising more than 700 Ghost CMS websites and weaponizing trusted domains to distribute ClickFix-style malware lures. Security researchers observed attackers abusing the flaw to steal Ghost Admin API keys and inject malicious JavaScript into legitimate articles across universities, developer blogs, AI-related platforms, and…
Cyber Pulse: Technical Threat Deep Dives on Active CVEs — MiniPlasma and the Re-Emergence of CVE-2020-17103
Intro: An active exploit targeting CVE-2020-17103 has resurfaced against fully updated Windows 11 systems, raising serious concerns about incomplete remediation or regression within the Windows Cloud Filter driver. Researchers report that the original Google Project Zero proof-of-concept from 2020 still functions against patched production systems as of May 2026. CVE Context: The vulnerability impacts Microsoft…
Cyber Pulse: Technical Threat Deep Dives on Active CVEs — Remote Code Execution via PHP-CGI Argument Injection
Intro: A critical 0-day vulnerability has been identified in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. Tracked as CVE-2026-6973, this Improper Input Validation flaw allows a remotely authenticated attacker with administrative privileges to bypass security boundaries and achieve full Remote Code Execution (RCE). Given Ivanti’s historical footprint in enterprise environments, this vulnerability…
Cyber Pulse: Technical Threat Deep Dives on Active CVEs — TP-Link Command Injection Failure Analysis
Intro: Exploitation attempts for CVE-2023-33538 have surged following its addition to the CISA KEV catalog. While early telemetry suggested high failure rates due to poorly constructed payloads, the risk remains severe. This vulnerability represents a critical failure in input sanitization, allowing authenticated attackers to achieve full remote code execution (RCE) and integrate legacy hardware into…
Cyber Pulse: Technical Threat Deep Dives on Active CVEs — Fortinet EMS RCE Under Active Exploitation
Intro: CVE-2026-35616 is actively being exploited in the wild. Fortinet has issued an emergency hotfix for FortiClient EMS after confirming unauthenticated remote code execution via crafted requests. This is a live-fire situation on exposed EMS servers. CVE Context – Products & versions affected: FortiClient EMS 7.4.5 and 7.4.6 - Disclosure timeline: Published April 3, 2026; active…