How real attackers operate, and what to do about it.
Built from data we observe across our customers and the public threat landscape. Each piece walks the attacker's decision tree end-to-end: what they're doing right now, why it works, and the concrete steps a defender takes this week to break it. Verifiable security.
Threat actors do not exploit one vulnerability. They compose a sequence: get in, read secrets, move sideways, take control. A program that tests one CVE at a time never sees the chain. Here is how we turn each day's published threat intelligence into composed, multi-step detection chains, with this week's Cisco Catalyst SD-WAN Manager double-CVE controller takeover, CVE-2026-20182 and CVE-2026-20262, as the worked example.
An edge appliance ships with a self-signed certificate so it can boot before you provision it. If you never finish provisioning, that certificate stays on the public internet, and its private key is shared across every unit of the product line. Here is why a factory default certificate is a default-credential problem in disguise, grounded in CWE-1392 and CWE-295, how to spot it, and the one provisioning step that closes it.
On a shared host, the boundary between two tenants is the file system, and the file system trusts a symlink. A privileged plugin follows a link a low-privileged tenant planted, then acts on the other side of the jail. Grounded in CVE-2026-54420 (CVSS 8.5, CWE-61), the LiteSpeed cPanel plugin symlink-following flaw that escalates a web shell to root on CloudLinux and CageFS shared hosting, here is the link-following decision tree and the contract that ends the class.
Most security tooling optimizes for recall: catch everything, sort it out later. We optimize for the opposite. A finding ships only if a human can reproduce the underlying fact off the wire at verification time. Here are the four tests every candidate must pass before we sign it, and why a scanner that calls everything critical is worse than no scanner at all.
A CVE is a backlog item until the moment it lands on the CISA Known Exploited Vulnerabilities catalog. Then it is an emergency with a deadline, sometimes measured in days. Mid-June 2026 put three edge-and-hosting CVEs on the KEV list inside one week, each with a short remediation window. Here is how the KEV clock should drive your prioritization, and how to act inside the window.
The defining SaaS breach pattern of 2026 is not a cracked password and not a phish. It is a stolen third-party-integration OAuth token that skips your login, never triggers MFA, and pivots across your connected platforms. Here is how integration-token theft works, why your login alerts stay quiet, and how to audit your connected-app surface with evidence.
Your read endpoints are authorization-hardened. Your DELETE route is one line of code nobody tenant-scoped, and a single request erases every tenant's sources, agents, and assessments at once. Destructive operations are routinely under-gated relative to reads. Here is the decision tree from finding the destructive endpoint to platform-wide destruction, grounded in CVE-2026-53469, and the class test that covers every write and delete route.
The token's signature is valid. The agent verifies it and proceeds. But it never checks that the token's source_id claim matches the resource the caller asked for, so a tenant with a perfectly valid token of its own reads and rewrites another tenant's object. Here is the JWT claim-binding decision tree, grounded in CVE-2026-53471 against the kubev2v migration-planner, and the contract that ends the class.
The main application authenticates every request. A PostgreSQL helper process bundled alongside it listens on the network and authenticates nothing. Truncate the right file (a config, a license, an audit log) and a weird endpoint becomes an integrity and availability compromise. Grounded in CVE-2026-20253 (CVSS 9.8), the unauthenticated file create and truncate in Splunk's PostgreSQL sidecar, here is the trust-boundary decision tree your front-door scanner never walks.
OWASP's State of Agentic AI names the lethal trifecta: untrusted input, access to private data, and the ability to act or exfiltrate. When one agent holds all three, no prompt filter saves you. Here is why the fix is an architecture boundary, not a smarter guardrail, and the controls that break the chain.
A migration agent installed to manage infrastructure hardcodes an insecure TLS configuration when it connects to vCenter. An adjacent-network attacker intercepts the session and harvests vCenter admin credentials. CVE-2026-53475 (CVSS 9.3, CWE-295) is the anchor. Here is the attacker decision tree, why version scanners miss it, and the fix that ends the class.
A serverless platform hands tenants a builder and a router so they can ship functions without touching the cluster. The moment either is reachable without authentication, or accepts an unvalidated pod spec, the convenience becomes the breach: deploy a pod, reach the node, lift the service-account token, own the cluster. Grounded in the Fission RCE pair CVE-2026-50545 and CVE-2026-50563 (CVSS 9.9) and the unauthenticated-router invocation CVE-2026-46614.
You run untrusted code inside a sandbox and trust the boundary. CI jobs, AI tool-execution, multi-tenant build runners: all of it leans on the assumption that the box holds. A sandbox or micro-VM escape collapses that assumption and the host runs the attacker's code. Here is the escape decision tree, grounded in CVE-2026-46695 (Boxlite, CVSS 10.0) and the runc and cgroups escapes before it, and the defense-in-depth that ends the class.
A team stands up a low-code LLM app builder for a prototype, leaves the UI and API reachable, and forgets it. That instance holds the model-provider keys, the database credentials, and the tools the agent can call. CVE-2026-46442 (CVSS 9.9) turns Flowise into authenticated remote code execution through the custom-function node. Here is the decision tree from a discovered builder to host compromise, and the boundary that ends it.
A WordPress plugin ships a frontend AJAX endpoint that skips the capability check and trusts the client-supplied Content-Type. An unauthenticated visitor uploads what they want, or self-registers as an administrator. CVE-2026-9067 and CVE-2025-6254 are this week's reminders that the per-plugin CVE churn never ends, but the underlying class is one repeatable test. Here is the decision tree, and the control that closes the whole family.
A framework's own templating is trusted as safe. Then attacker-influenced text reaches the template compiler and "edit your profile bio" becomes code execution on the app server. Server-side template injection recurs across every framework, from Jinja2 sandbox escapes to OGNL remote code execution to modern HEEx-style HTML templating. Here is the decision tree from a template-rendered sink to RCE, why a CVE-by-CVE scanner lags a class test, and the fix that ends the class.
Your ops and monitoring tooling holds every tenant's server inventory, configs, and the SSH credentials it uses to reach them. When its object-level authorization is the weakest link, a scoped guest account reads and rewrites another tenant's data with no exploit at all. Here is the cross-tenant BOLA decision tree in ops tooling, grounded in CVE-2026-45550, CVE-2026-45552, and CVE-2026-45563 against Roxy-WI, and the contract that ends the class.
A product ships with a fixed JWT signing key baked into its source, image, or binary. Anyone who pulls the artifact mints valid tokens and walks in as anyone. CVE-2026-48031 set the secret to the literal string "random". Here is the attacker decision tree, why runtime scanners never see it, and the fix that ends the class.
A developer wraps untrusted input in a quoting helper they believe neutralizes the shell, then hands the result to a command. But the helper has a bypass, or was never applied to the path that re-parses the string back into argv. The input arrives at the shell as a flag or an operator, and a trusted dependency executes attacker commands. Atril (CVE-2026-46529), Dulwich (CVE-2026-42563), and Gogs (CVE-2026-52806) all shipped this class in 2026. Here is the attacker decision tree and the dependency-aware test that finds it.
A time-of-check to time-of-use window in a privileged service is a quiet primitive: win the race and a low-privilege account is handed SYSTEM. CVE-2026-47281 is the clean specimen. Here is the decision tree from a local foothold to full host control, why a banner-matching scanner misses it, and the fix that closes the window.
A record-setting Patch Tuesday buried the one fix that actually mattered: an Exchange zero-day already exploited in the wild. Here is how to read a giant patch batch for the vulnerabilities that change your risk this week, the decision tree behind the Exchange flaw, and the prioritization that beats patching by CVSS alone.
The remote-access gateway is the front door to the building, and CVE-2026-50751 lets an attacker walk through it without a password. An IKEv1 authentication bypass on a Check Point edge appliance is a pre-auth pivot into the internal network. Here is the attacker decision tree, and why a single-request probe misses it.
A misused pull_request_target workflow runs a fork's untrusted code with the repository's own secrets, and that single trust mistake poisoned 172 packages (CVE-2026-45321). Here is the decision tree from an opened pull request to credential theft and supply-chain compromise, and the workflow contract that ends the class.
The rug-pull was the symptom. The class behind it is an MCP server that invokes tools for a caller it never authenticated. CVE-2026-33032 is one CVE old. The official SDK ships DNS-rebinding protection off by default. Here is the decision tree from an exposed MCP server to unauthenticated tool execution, and the auth boundary that ends it.
Your IAM policy is correct. Your namespace RBAC is correct. And an attacker with a scoped foothold in one tenant still reads another tenant's data. Isolation fails at the runtime trust boundary your static cloud-posture scanner cannot see. Here is the cross-tenant read decision tree, grounded in CVE-2024-7646 and CVE-2024-9594, and the contract that ends the class.
The cyber-extortion economy runs on commodity tooling: TamperedChef's reused signing certs, ROADtools' Azure AD recon, the copy_file_range Linux LPE (CVE-2026-31431). None of it is exotic. All of it is instrumentable. Here is the detection decision tree defenders should wire up, signal by signal.
A cluster of PAN-OS and GlobalProtect CVEs landed this quarter, CVE-2026-0227 through CVE-2026-0265, with one captive-portal zero-day (CVE-2026-0300) already exploited in the wild. The common thread is an exposed management plane. Here is the attacker decision tree from an exposed mgmt interface to config and credential access, and the re-audit that closes it.
A SAML assertion is signed XML. The signature covers a digest of the document, but which bytes are the document? When the canonicalizer and the signature verifier disagree, an attacker injects a forged assertion the verifier validates and the application trusts. CVE-2024-45409 turned ruby-saml into exactly that. Here is the attacker decision tree from an altered assertion to any authenticated session, and the assertion-binding fix.
A developer accepts an extension auto-update. Buried in the bundle is a credential stealer that walks .npmrc, .git-credentials, the AWS profile and SSH keys, then phones home. CVE-2026-48027 turned the Nx Console extension into initial access for an entire CI estate. Here is the attacker decision tree from one malicious install to GitHub, cloud, and pipeline compromise.
CitrixBleed taught the world to read NetScaler memory. CVE-2026-4368 is the quieter sibling: a race-condition session mixup on the edge appliance that hands one user another user's authenticated session, and a probe that checks a banner or fires a single request misses it entirely. Here is the decision tree from an unauthenticated request to an internal pivot.
Commodity scanners stop at single-issue depth. Real operators don't. They cross a business-logic primitive into a cloud-admin primitive over five, six, seven steps. MOVEit (CVE-2023-34362) and Confluence (CVE-2023-22515) showed the world that the deep chain is the breach. Here is the attacker decision tree, and why your scanner never sees it.
Mandiant's M-Trends 2026 reports the median initial-access-to-handoff time has collapsed from eight hours to twenty-two seconds. The fastest observed lateral move took four minutes. If your detection pipeline runs on hourly batches, you are watching a movie of an attacker who already left.
Five new alg-confusion CVEs landed in Q1 2026 alone, rated CVSS 8.2 to 9.1, with working PoCs on day one. The pattern is fifteen years old. The libraries that ship with it are everywhere. Here is the attacker decision tree, and the one-line validation rule that ends the class.
OAuth's state parameter is the protocol's CSRF token. Most teams treat it as boilerplate, copy a sample value, and ship. Attackers know this. We walk the four-step exploit, the recent in-the-wild campaigns, and the validation contract that closes it permanently.
SSRF into the instance metadata service is the dominant 2025-2026 cloud-side initial-access pattern. We walk the attacker's decision tree from a benign-looking image upload to keys-of-the-kingdom IAM credentials, and the seven configuration changes that cut the class in one sprint.
Mandiant says mean time-to-exploit has gone negative: attackers now weaponise vulnerabilities before vendors patch. Quarterly pentests cannot keep up. Here is what a continuous, signed, replayable validation loop looks like at sixty-second cadence, and the operational changes it forces.
One piece every two weeks. Attacker-decision-first, defender-action-driven, sourced against public threat data. No vendor noise, no upsell letters. Proof beats promises.