On-Prem Red Team AI — engineering notes from the front line
Deep dives, comparisons and field reports on autonomous red team AI, generative pentesting, deep-packet traffic intelligence, NIS2/DORA, and how to operate them air-gapped.
- ColdFusion · CVE-2026-48282 · Data Exfiltration
  ColdFusion CVE-2026-48282: Exploited Within Hours of the Patch
  Adobe shipped six CVSS 10.0 ColdFusion flaws on July 1. Within hours CVE-2026-48282 was under attack — and the file-read window before you patch is exactly what most defenders never see.
  10 min read

- SharePoint · CISA KEV · Remote Code Execution
  SharePoint CVE-2026-45659: Patched in May, Exploited in July
  CVE-2026-45659 is an authenticated RCE in on-prem SharePoint — silently fixed in May 2026, left off the bulletin, and now actively exploited and on the CISA KEV list.
  9 min read

- Prompt Injection · AI IDE Security · Remote Code Execution
  Cursor DuneSlide (CVE-2026-50548/50549): Prompt Injection Is Now Remote Code Execution
  DuneSlide turns two Cursor IDE sandbox flaws into zero-click RCE via prompt injection — a poisoned web result or MCP server takes over a developer's machine. What it means and how to fix it.
  8 min read

- Oracle E-Business Suite · CVE-2026-46817 · Data Exfiltration
  Oracle E-Business Suite CVE-2026-46817: The Unauthenticated File Read Into Payments
  CVE-2026-46817 is a CVSS 9.8 missing-authentication flaw in Oracle E-Business Suite Payments, exploited in the wild six weeks after the patch and before any public PoC — a silent data-read door.
  7 min read

- SimpleHelp · CVE-2026-48558 · RMM Security
  SimpleHelp CVE-2026-48558: a CVSS 10 RMM Bypass That Steals Your Cloud and AI Keys
  CVE-2026-48558 is a CVSS 10.0 auth bypass in SimpleHelp RMM, exploited to plant rogue technician accounts and deploy the Djinn stealer that harvests cloud, SSH and AI credentials.
  10 min read

- Linux Kernel LPE · Container Escape · Privilege Escalation
  pedit COW and DirtyClone: Two Linux Page-Cache LPEs and Why 'Local' Means Root in 2026
  Two Linux page-cache kernel bugs — pedit COW (CVE-2026-46331) and DirtyClone (CVE-2026-43503) — turn a container foothold into root. Why local privilege escalation is the 2026 breakout.
  9 min read

- PTC Windchill · CVE-2026-12569 · Manufacturing Security
  PTC Windchill CVE-2026-12569: A Web Shell on Your Engineering Crown Jewels
  PTC Windchill CVE-2026-12569 is a CVSS 9.8 unauthenticated RCE now in CISA's KEV. Attackers are dropping JSP web shells on the PLM systems that hold manufacturing's CAD, BOMs and intellectual property.
  9 min read

- Cisco Unified CM · CVE-2026-20230 · VoIP Security
  Cisco Unified CM CVE-2026-20230: Root on the Phone System Nobody Watches
  Cisco patched Unified CM's SSRF flaw CVE-2026-20230 on June 3. Attackers had file-write payloads landing by June 22 and CISA added it to KEV on June 25. The catch: you can't run EDR on the appliance.
  6 min read

- Ubiquiti UniFi · CISA KEV · Zero-Day
  Ubiquiti UniFi CVE-2026-34908: Patching Won't Evict the Intruder
  CVE-2026-34908 is a CVSS 10.0 Ubiquiti UniFi auth bypass exploited to plant rogue admin accounts. Patching by the CISA deadline closes the door — not the intruder already inside.
  7 min read