April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
Critical SAP, Adobe, Fortinet, and Microsoft flaws disclosed in April Patch Tuesday, several of them enabling remote code execution and data theft.
Insights, tutorials, and news about Web Application Firewalls and application security.
A Cloud Security Alliance (CSA) paper warns of an "AI vulnerability storm" triggered by the introduction of Anthropic's ...
CVE-2026-35616 (CVSS 9.1) exploited since March 31, 2026, affects FortiClient EMS 7.4.5-7.4.6, enabling privilege escalation via pre-authentication API access bypass.
CVSS scores assume exploiting vulnerabilities requires human expertise. Anthropic's Mythos just produced thousands of working exploits for $2K each. Every "medium" in your backlog is now effectively a "high." Here's the data and what to do about it.
Anthropic's Claude Mythos Preview found thousands of zero-days in every major OS and web browser, many critical, some surviving decades of human review. Project Glasswing launches with Apple, Amazon, Google, Microsoft, CrowdStrike to deploy the model defensively. But when these findings inevitably leak, expect an AI-driven wave of exploits. Time to verify your WAF is actually in place.
Phishing surge, LinkedIn tracking claims, spyware use, and rising stealers expose growing abuse of trusted systems.
Fortinet warns of a critical FortiClient EMS zero-day vulnerability that is currently being exploited, allowing attackers to ...
Cloudflare's inaugural 2026 Threat Report reveals attackers are shifting from breaking in to logging in. AI lowers the barrier for sophisticated attacks, DDoS hits 31.4 Tbps, and nation-state actors pre-position inside critical infrastructure. 230 billion threats blocked daily.
Palo Alto Networks patches CVE-2026-0227, a high-severity DoS flaw in PAN-OS that lets unauthenticated attackers push firewalls into maintenance mode. Nearly 6,000 devices are exposed online.
CISA gives federal agencies three days to patch CVE-2026-20131, a CVSS 10 RCE flaw in Cisco Secure Firewall Management Center already exploited by Interlock ransomware since January.
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday,
Sansec discloses PolyShell, a critical Magento REST API flaw that lets unauthenticated attackers upload malicious files for RCE and account takeover. All versions up to 2.4.9-alpha2 are affected.