Palo Alto Networks GlobalProtect Authentication Bypass: What Security Teams Should Know About CVE-2026-0257 

Background: Palo Alto Networks GlobalProtect is widely used by enterprises to provide secure remote access to internal systems and applications. Because VPN gateways often sit at the edge of corporate networks, vulnerabilities […] The post Palo Alto Networks GlobalProtect Authentication Bypass: What Security Teams Should Know About CVE-2026-0257 appeared first on Ridge Security.
Anonymous PostgreSQL Injection in Drupal Core (CVE-2026-9082) 

Background: Drupal powers millions of websites worldwide, including government portals, financial platforms, media outlets, and enterprise CMS deployments. On May 20, 2026, the Drupal Security Team published SA-CORE-2026-004, disclosing a highly critical SQL […] The post Anonymous PostgreSQL Injection in Drupal Core (CVE-2026-9082) appeared first on Ridge Security.
Exploited Vulnerabilities in Cisco Catalyst SD-WAN Manager 

Cisco recently disclosed several critical vulnerabilities in Catalyst SD-WAN Manager, some of which are actively being exploited in the wild. As a result, CISA has added these flaws (CVE-2026-20128, CVE-2026-20133, and CVE-2026-20122) […] The post Exploited Vulnerabilities in Cisco Catalyst SD-WAN Manager appeared first on Ridge Security.
SmarterMail Security Alert: Multiple CVEs Actively Exploited in the Wild 

SmarterTools recently confirmed that the Warlock (aka Storm-2603) ransomware group breached its network by exploiting an unpatched SmarterMail instance via CVE-2026-24423. The incident underscores a growing security concern: several SmarterMail vulnerabilities listed in CISA’s Known […] The post SmarterMail Security Alert: Multiple CVEs Actively Exploited in the Wild appeared first on Ridge Security.
Is Your Git Service Safe? How a Gogs Path Traversal Vulnerability Enables Remote Code Execution (CVE‑2025‑8110) 

Background: Gogs Path Traversal and Remote Code Execution is a critical vulnerability affecting the self-hosted Git service Gogs (Go Git Service) versions 0.13.3 and earlier. First observed in active exploitation in mid-2025, the flaw was […] The post Is Your Git Service Safe? How a Gogs Path Traversal Vulnerability Enables Remote Code Execution (CVE‑2025‑8110) appeared first on ...