top of page

The Security Brief


CVE-2026-8451: A New NetScaler Memory Leak, Exploited Within a Day
Citrix patched a new NetScaler flaw on 30 June. Attackers were exploiting it within 24 hours. CVE-2026-8451 is a pre-authentication memory leak in the same family as CitrixBleed, the 2023 bug that fed a wave of intrusions worldwide. The gap between a vendor advisory and mass scanning is now measured in hours, not weeks. What Happened On 30 June, Citrix published bulletin CTX696604, disclosing six vulnerabilities in NetScaler ADC and NetScaler Gateway. The one drawing scrutiny
5 days ago3 min read


SharePoint RCE Under Active Attack: What CVE-2026-45659 Means for On-Premises Servers
CISA has confirmed that attackers are exploiting a remote code execution flaw in Microsoft SharePoint Server, and it has told United States federal agencies to patch by 4 July. The bug, CVE-2026-45659, carries a CVSS score of 8.8 and needs nothing more than a low-privileged account to work. For any Australian organisation still running SharePoint on-premises, that deadline is worth watching just as closely. What Happened On 1 July, CISA added CVE-2026-45659 to its Known Explo
Jul 83 min read


Cisco Unified CM Under Attack: What CVE-2026-20230 Means for Your Phone System
A patch released three weeks ago has turned into a live incident. CVE-2026-20230, a flaw in Cisco Unified Communications Manager, is now being exploited in the wild, and an attacker who pulls it off lands with root on the server running an organisation's phone system. Cisco shipped the fix on 3 June. The attacks started over the weekend of 21 to 22 June. What Happened CVE-2026-20230 is a server-side request forgery weakness in Cisco Unified Communications Manager and its Sess
Jun 263 min read
bottom of page