Identity Exposure Management: Risks and Response

Start with the path that carries risk. Security teams need a clear view of access risk. Stolen tokens and excessive privileges turn legitimate access into an attack route. Identity risk becomes urgent when one exposed account opens a path across critical systems. Identity exposure management is t...

What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface

In Your Biggest Security Risk Isn't Malware — It's What You Already Trust , we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your I...

l4ki-TooL

TCP Port Scanner A simple Python tool that scans TCP ports on...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the key generation. An attacker can compromise the confidentiality of generated cryptographic keys by exploiting weak or predictable key material. Remediation A fix was pushed into the...

CVE-2026-5588

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...

CVE-2026-32959

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack...

UBUNTU-CVE-2026-5588

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All pkix modules, Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All pkix modules. This vulnerability...

CVE-2026-5588

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All pkix modules, Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All pkix modules. This vulnerability...

PT-2026-33031

Name of the Vulnerable Software and Affected Versions BC-JAVA versions 1.49 through 1.83 BCPKIX-FIPS versions 2.0.6 through 2.0.10 BCPKIX-FIPS versions 2.1.7 through 2.1.10 Description The PKIX draft CompositeVerifier accepts an empty signature sequence as valid. This issue is associated with the...

EUVD-2026-19482

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...

CVE-2026-5682 Meesho Online Shopping App com.meesho.supply endpoint risky encryption

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...

CVE-2026-5682

CVE-2026-5682 affects Meesho Online Shopping App (Android) in the com.meesho.supply component, specifically an unknown function in /api/endpoint. The issue arises from manipulation that leads to a risky cryptographic algorithm. Attack surface is remote, with high complexity required for exploitat...

Use of a Cryptographic Primitive with a Risky Implementation

Overview Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation in the HelloChrome120, HelloChrome120PQ, HelloChrome131 and HelloChrome133 symbols due to inconsistent ciphersuite selection between the outer ClientHello and ECH for GREASE...

CVE-2026-2618

A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...

CVE-2026-20137 Risky Commands Safeguards Bypass through preloaded Data Models due to Path Traversal vulnerability in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky...

CVE-2026-2618

A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...

CVE-2026-2618

Beetel 777VR1 SSH Service is affected. Across connected sources, the vulnerability impacts Beetel 777VR1 versions prior to 01.00.10, stemming from the SSH Service component and involving the use of risky cryptographic algorithms. This vulnerability is described as remotely exploitable with high a...

CVE-2026-2618 Beetel 777VR1 SSH Service risky encryption

A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...

CVE-2026-2618 Beetel 777VR1 SSH Service risky encryption

A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...

PT-2026-20336

Name of the Vulnerable Software and Affected Versions Beetel 777VR1 versions prior to 01.00.10 Description A security issue exists in the SSH Service component of Beetel 777VR1. The issue involves the use of risky cryptographic algorithms and is potentially exploitable remotely. The exploitabilit...