If you run IT or security ops, this is for you:
PatchDay Alert is a concise daily CVE digest with clear actions, not vendor fluff.
Subscribe here:
https://t.co/skT6QckbGu
A US directive pulled Claude Fable 5 four days after launch for being too good at finding bugs. The takeaway for your patch queue: severity stopped being the question. How fast someone can weaponize the fix is.
https://t.co/PME7YL6q9O
Scattered Spider didn't need a zero-day. They used a decade-old Intel driver Windows still loads to reach the kernel and patch out your EDR. CVE-2015-2291, BYOVD, and the defenses you can turn on right now. https://t.co/ubqpWZ0Dq1
RobbinHood ransomware shipped a signed GIGABYTE driver to turn off Windows' own security checks, then loaded its unsigned malware from the kernel. Four CVEs explain how it happened. https://t.co/WDzlwosmMw
Patching CVE-2022-40684 won't save you. This Fortinet auth bypass let attackers plant admin accounts before the fix. If your FortiOS, FortiProxy, or FortiSwitchManager got hit, you need forensics, not just patches. https://t.co/ycLJtTsUOZ
That 'test connection' button in your FortiGate just handed your LDAP credentials to an attacker. CVE-2018-13374 shows why diagnostic features that transmit stored secrets are a design trap. https://t.co/EJqZP4P09p
Unauthenticated SQL injection in FortiClient EMS that runs OS commands as SYSTEM. No auth needed. CISA KEV. Here's how to check your environment and patch it. https://t.co/ET04MzTLXd
SolarWinds Serv-U DoS got a CISA KEV listing in 48 hours. A 7.5 isn't usually urgent, so why the speed? The answer matters for how you triage your queue. https://t.co/6LArSJeMwu
CERT-CC says CVE-2026-41089 is exploited in the wild. Microsoft says it isn't. Either way, pre-auth RCE on every domain controller goes to the top of your queue. Here's why the disagreement doesn't matter. https://t.co/VdCHxTzKrG
Your patch triage meeting is too long and too pointless. Here's how to run it in 15 minutes with actual decisions instead of arguments. https://t.co/5VlAvTsYP3
A third of last year's CVEs hit High or Critical. But only a few percent ever get exploited. Your patch queue treats CVSS like a crystal ball. It isn't. Here's why that costs you 43 days on confirmed exploits. https://t.co/avOGnuUBKf
Three CVEs, one name, only one story worth your time. VS Code marketplace, 3,800 GitHub repos, 18 minutes. The delivery channel nobody was watching. https://t.co/3ZRWNoK9Vi
CVE-2026-0257 is a GlobalProtect auth bypass with a KEV deadline that's passed. But your patch urgency hinges on one config setting, not your PAN-OS version. Here's what actually matters. https://t.co/UGZSwiaQrD
Microsoft just quietly closed another identity loophole. Two Entra Conditional Access changes in two weeks, and they're signaling something bigger. Your org may have exemptions you forgot you set up. https://t.co/illM3UbU7X
Solid breakdown on SeBackupPrivilege – classic for post-initial-access. In production, we've layered this with AppLocker + tight privilege auditing to catch enumeration early. Detection tip: watch for unexpected SAM/SYSTEM hive access via Sysmon Event ID 4656/4663. Seen this in any recent IRs?
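A small detection pass for the tip in the post above, written as an added example rather than code from the poster: it filters exported 4656/4663 object-access audit records down to SAM/SYSTEM hive access by processes outside an allowlist. The dict field layout, the allowlist contents and the sample records are assumptions constructed for the example.

```python
import re

# Registry paths of the SAM/SYSTEM hives, plus the on-disk hive files that
# SeBackupPrivilege lets a process copy (e.g. ...\config\SAM).
HIVE_PATTERN = re.compile(
    r"(\\REGISTRY\\MACHINE\\(SAM|SYSTEM)(\\|$))|(\\config\\(SAM|SYSTEM)$)",
    re.IGNORECASE,
)

# Processes expected to touch these hives. This allowlist is an assumption
# for the example; tune it to the environment (backup agents, etc.).
ALLOWLIST = {r"c:\windows\system32\lsass.exe", r"c:\windows\system32\services.exe"}

# Object-access audit events: 4656 (handle requested), 4663 (object accessed).
OBJECT_ACCESS_IDS = {4656, 4663}


def is_suspicious_hive_access(event: dict) -> bool:
    """True when a 4656/4663 record shows a non-allowlisted process
    reaching a SAM or SYSTEM hive (registry key or hive file)."""
    if event.get("EventID") not in OBJECT_ACCESS_IDS:
        return False
    if not HIVE_PATTERN.search(event.get("ObjectName", "")):
        return False
    return event.get("ProcessName", "").lower() not in ALLOWLIST


def find_suspicious(events):
    """Filter a batch of exported audit records down to the ones to alert on."""
    return [e for e in events if is_suspicious_hive_access(e)]


# Constructed sample records, not real telemetry. Field names follow the
# Windows Security log's EventData fields for 4656/4663.
SAMPLE_EVENTS = [
    {"RecordId": 1, "EventID": 4663, "ProcessName": r"C:\Windows\System32\reg.exe",
     "ObjectName": r"\REGISTRY\MACHINE\SAM\SAM\Domains\Account"},
    {"RecordId": 2, "EventID": 4656, "ProcessName": r"C:\Windows\System32\lsass.exe",
     "ObjectName": r"\REGISTRY\MACHINE\SAM"},
    {"RecordId": 3, "EventID": 4663, "ProcessName": r"C:\Users\bob\copytool.exe",
     "ObjectName": r"C:\Windows\System32\config\SYSTEM"},
    {"RecordId": 4, "EventID": 4663, "ProcessName": r"C:\Windows\System32\reg.exe",
     "ObjectName": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows"},
    {"RecordId": 5, "EventID": 4688, "ProcessName": r"C:\Windows\System32\reg.exe",
     "ObjectName": r"\REGISTRY\MACHINE\SAM"},
]

if __name__ == "__main__":
    for e in find_suspicious(SAMPLE_EVENTS):
        print(f"ALERT record {e['RecordId']}: {e['ProcessName']} -> {e['ObjectName']}")
```

Records 1 and 3 are the only ones flagged: an allowlisted process, an unrelated key, and a non-object-access event all pass through silently.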
@BleepinComputer Thanks for the alert – Veeam is core for so many DR setups. Immediate steps we're taking: isolate backup networks further + review exposed management ports. Anyone already tested the hotfix in a lab? Curious about impact on immutable backups specifically.
@The_Cyber_News Critical one for us endpoint folks - V8 issues hit hard in managed Chrome environments. We've been pushing auto-updates via GPO/Intune + blocking outdated versions. Quick check: anyone scripting a fleet-wide chrome://version report yet? Saves chasing stragglers.
Thanks for the heads-up; nftables is everywhere now. Quick tip for fellow sysadmins: if you can't patch immediately, consider dropping to iptables legacy or isolating affected systems. We also script a quick uname -r check across fleet weekly. Anyone running Debian/Ubuntu seeing this pop in vuln scans yet?
Tool sprawl is always the silent killer. In my environments, we standardized on 2-3 core platforms max and used native logging + free tiers (e.g., ELK or built-in EDR) for the rest. Cut alert fatigue dramatically. Curious what 'basic features' you see most orgs actually using from those megasuites?
AWS buried two SageMaker SDK bugs on its own bulletins page. No CVE IDs. No CISA KEV list. Patching is your job, not theirs. This visibility gap is the real problem. https://t.co/6cH8STVkTY
Magento shops running Mirasvit Cache Warmer: CVE-2026-45247 is live RCE, no auth needed, already under attack. CISA deadline is Saturday. Patch now, not later. https://t.co/zklPlSsucI