Security Research & Blog

In-depth CVE analysis, Zero Trust architecture guides, and threat intelligence written for defenders, architects, and anyone serious about security.

P > D + R
Architecture SANS SEC530 Mar 2026
P > D + R: Time-Based Security and the Architecture of Effective Defense

If it takes longer to detect and respond than your protection holds, effective security is impossible — the attacker just takes the safe home. SANS SEC530's time-based security model reframes security as a race against the clock and shows why detection velocity and response automation are as critical as prevention.

CVE-2026-20127
Critical Auth Bypass Feb 2026
Cisco SD-WAN Zero-Day: Phantom Peer Operated Undetected for Three Years

CVE-2026-20127 (CVSS 10.0) — an authentication bypass in Cisco Catalyst SD-WAN's peering mechanism allowed state-sponsored UAT-8616 to inject a rogue peer into enterprise network fabric and silently monitor traffic since at least 2023. CISA Emergency Directive 26-03 issued.

CVE-2026-22769
Critical RCE Feb 2026
Dell RecoverPoint: Hard-Coded Credentials Give Attackers Root Access

CVE-2026-22769 (CVSS 10.0) — hard-coded Tomcat admin credentials in Dell RecoverPoint for VMs enabled China-linked UNC6201 to silently deploy root web shells and GRIMBOLT malware across enterprise backup infrastructure for nearly two years.

CVE-2026-20700
High Code Exec Feb 2026
Apple dyld Zero-Day: Memory Corruption Exploited Across All Apple Platforms

CVE-2026-20700 — a memory corruption flaw in Apple's dyld dynamic linker — was chained with two WebKit zero-days in an "extremely sophisticated" state-sponsored attack campaign targeting high-value individuals on iOS, macOS, watchOS, and tvOS.

CVE-2026-2441
High RCE Feb 2026
Chrome Zero-Day: CSS Use-After-Free Enables Sandboxed RCE in the Wild

CVE-2026-2441 is the first actively exploited Chrome zero-day of 2026 — a use-after-free in the CSS CSSFontFeatureValuesMap allows a remote attacker to execute arbitrary code in Chrome's renderer sandbox by simply visiting a malicious webpage.

CVE-2025-55182
Critical RCE Dec 2025
React2Shell: CVSS 10.0 Pre-Auth RCE Targeting 165,000+ Servers

CVE-2025-55182 is the most severe web framework vulnerability of 2025 — a CVSS 10.0 pre-authentication remote code execution flaw in React Server Components affecting Next.js, Remix, and other RSC-powered applications.

CVE-2025-32463
High Privilege Escalation Jul 2025
Sudo Chroot Privilege Escalation: Any Local User to Root

CVE-2025-32463 exploits a subtle NSS module loading flaw in sudo's chroot feature, allowing low-privileged local users to escalate to root on virtually any Linux system running sudo 1.9.14 through 1.9.17.

Architecture Zero Trust Jan 2025
Zero Trust Across Every OSI Layer: A Security Engineer's Field Guide

The OSI model gives us seven distinct planes of defense. This guide applies Zero Trust principles to each layer, from physical port lockdowns to application-level API auth.

Zero Trust Across the OSI Model: Security in Every Layer

Architecture Zero Trust January 2025 • By Boney Warikozi

The OSI model provides a fundamental blueprint for network communication — from physical devices to application software. For security engineers, implementing Zero Trust means eliminating any assumption of inherent trust. Every request, packet, and session must be continuously verified and validated.

Physical & Data Link (L1–L2): The Forgotten Perimeter

Zero Trust begins at the physical layer. Access restrictions, biometric controls, and tamper-evident hardware prevent unauthorized individuals from touching infrastructure. At the data link layer, IEEE 802.1X port-based authentication ensures that only authorized endpoints can attach to switch ports. VLAN segmentation isolates device groups, making lateral movement expensive for attackers who breach one segment.

Network Layer (L3): Microsegment Everything

Zero Trust at L3 mandates per-packet verification. Microsegmentation carves the network into fine-grained zones, so an attacker who compromises one workload cannot freely reach another. Next-generation firewalls perform deep packet inspection. IDS/IPS systems flag anomalous traffic in real time. Software-defined networking enables dynamic policy enforcement that adapts to threat signals.

Transport Layer (L4): Encrypt & Authenticate In-Transit

Mutual TLS (mTLS) replaces one-way trust with bidirectional certificate validation — clients prove who they are, servers prove who they are, and every session is encrypted end-to-end. TLS 1.3 eliminates weak cipher suites and removes risky renegotiation features. Certificate transparency logs provide auditable proof of certificate issuance.

Session, Presentation & Application (L5–L7): Trust Nothing, Verify Everything

Short-lived sessions with continuous re-authentication prevent token hijacking. Behavioral analytics flag session anomalies — logins from unusual geos, access at odd hours, or excessive data transfers. At the application layer, Zero Trust means OAuth 2.0 scopes, strict API gateway policies, content security policies, and rigorous input sanitization. Every user action is logged, and every API call is rate-limited and authenticated.
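An added example, not part of the original post: a minimal API-gateway policy point in Python that applies the L5–L7 controls above to every call, in order: signature check on a short-lived HMAC-signed session token, expiry check, scope check, per-subject rate limit, and an audit log of each decision. The token format, the demo key and the TTL and rate-limit values are constructed for illustration, not a standard.

```python
import base64
import hashlib
import hmac
import json
import time
from collections import defaultdict, deque

SECRET = b"constructed-demo-key-not-for-production"  # constructed sample key
SESSION_TTL = 300            # seconds; short sessions force re-authentication
RATE_LIMIT, WINDOW = 5, 60   # accepted calls per subject per window (seconds)


class Gateway:
    """Policy enforcement point: verify, authorize, rate-limit, log every call."""

    def __init__(self):
        self.calls = defaultdict(deque)  # subject -> timestamps of accepted calls
        self.audit = []                  # (time, required scope, decision)

    def issue(self, subject, scopes, now=None):
        now = int(now if now is not None else time.time())
        claims = {"sub": subject, "scope": scopes, "iat": now, "exp": now + SESSION_TTL}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        tag = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{tag}"

    def authorize(self, token, required_scope, now=None):
        now = int(now if now is not None else time.time())
        decision = self._check(token, required_scope, now)
        self.audit.append((now, required_scope, decision))  # log every action
        return decision

    def _check(self, token, required_scope, now):
        try:
            body, tag = token.split(".")
        except ValueError:
            return "malformed"
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return "bad_signature"
        claims = json.loads(base64.urlsafe_b64decode(body))  # trusted only after MAC
        if now >= claims["exp"]:
            return "expired"
        if required_scope not in claims["scope"]:
            return "missing_scope"
        window = self.calls[claims["sub"]]
        while window and window[0] <= now - WINDOW:  # drop calls outside the window
            window.popleft()
        if len(window) >= RATE_LIMIT:
            return "rate_limited"
        window.append(now)
        return "ok"
```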

✓ Key Takeaway

Zero Trust is not a product you deploy — it's a philosophy you architect. Applying it at every OSI layer creates defense-in-depth where a breach at one layer does not cascade into a catastrophic compromise across the entire network.