n8n RCE Hits CISA KEV: 24,700 Automation Instances Still Exposed

March 12, 2026March 12, 2026 ~ larshilse ~ Leave a comment

So after the Apple iOS zero-days landing on CISA's KEV catalog yesterday this shit is the first news of the morning, Haven't even washed my coffee cup (I really rarely do) — when CISA dropped another KEV addition that made me slam my espresso cup down hard enough to slosh the thing. n8n. The workflow … Continue reading n8n RCE Hits CISA KEV: 24,700 Automation Instances Still Exposed

Cisco SD-WAN CVE-2026-20122: Mass Exploitation, Patch or Die

March 9, 2026March 9, 2026 ~ larshilse ~ Leave a comment

I had literally just wrapped up the Android zero-day write-up — another "patch your damn devices, yes right now" piece — and before I could finish my fourth coffee of the morning, Cisco drops the confirmation that two more vulnerabilities in Catalyst SD-WAN Manager are being actively exploited in the wild. Mass exploitation. Web shells … Continue reading Cisco SD-WAN CVE-2026-20122: Mass Exploitation, Patch or Die

Cisco SD-WAN CVSS 10.0 Zero-Day: Your Network’s Been Open Since 2023

February 27, 2026February 27, 2026 ~ larshilse ~ Leave a comment

Oh, for fuck's sake. Here we go again. So Cisco drops a zero-day advisory last week — CVE-2026-20127, CVSS score of 10.0. That's a perfect score, for those keeping track at home. A clean, beautiful, maximum-severity authentication bypass in the Cisco Catalyst SD-WAN Controller (that's the thing formerly known as vSmart, because Cisco loves renaming … Continue reading Cisco SD-WAN CVSS 10.0 Zero-Day: Your Network’s Been Open Since 2023