Resources
Recent public security alerts, in plain language, plus guidance on the technology decisions that matter for mission-driven organizations.
Recent public security alerts worth knowing about
A plain-language roundup of alerts from the FBI/IC3 and CISA over the last several months. We track these so the organizations we serve don’t have to. Each card links to the official source.
May 2026
“Kali365” phishing kit hijacks Microsoft 365, no password needed
A phishing-as-a-service kit abuses Microsoft’s device-code sign-in to steal access tokens and walk past MFA. The FBI urges blocking device-code flow in Entra ID and using phishing-resistant MFA.
Read the alert CISAApril 20, 2026
Eight actively-exploited vulnerabilities added to CISA’s catalog
CISA flagged eight vulnerabilities being exploited in the wild. If any of your software is on the list, patch it promptly.
Read the alert CISAApril 6, 2026
New actively-exploited vulnerability flagged by CISA
CISA added a vulnerability with confirmed active exploitation to its Known Exploited Vulnerabilities catalog.
Read the alert CISAMarch 20, 2026
Five actively-exploited vulnerabilities added to CISA’s catalog
Five more flaws confirmed as exploited in the wild. Worth checking your systems and updates against the list.
Read the alert CISAFebruary 3, 2026
SolarWinds, GitLab, and FreePBX flaws under active attack
CISA added four exploited vulnerabilities, including issues in SolarWinds Web Help Desk, GitLab, and Sangoma FreePBX. Patch promptly if you run these.
Read the alert CISAJanuary 7, 2026
Two actively-exploited vulnerabilities added to CISA’s catalog
CISA confirmed two more vulnerabilities being exploited in the wild and added them to its catalog.
Read the alertSources: FBI IC3 and the CISA Known Exploited Vulnerabilities catalog. This roundup is updated periodically; it is not a complete list of every advisory.