ENKVA #010 — CISA's BOD 26-04 rewrites the KEV patch clock
CISA published Binding Operational Directive 26-04, "Prioritizing Security Updates Based on Risk," on June 10. If you use the KEV catalog as a patch SLA,...
ENKVA #009 — June Patch Tuesday: triage the network-facing RCEs first
Microsoft shipped its June 2026 security updates on June 9. If you run Windows fleets, the headline is volume without a fire drill: the June CVRF lists 683...
ENKVA #008 — PAN-OS GlobalProtect auth bypass on KEV under active exploitation
Palo Alto Networks published advisory CVE-2026-0257, "GlobalProtect Authentication Bypass Vulnerabilities," for an authentication bypass in the GlobalProtect...
ENKVA #007 — FBI warns Kali365 PhaaS hijacks M365 tokens via device code phishing
The FBI published Public Service Announcement I-052126-PSA on May 21 warning about Kali365, a phishing-as-a-service platform first seen in April 2026 and...
ENKVA #006 — Cisco Catalyst SD-WAN auth bypass on KEV at CVSS 10.0
Cisco published advisory cisco-sa-sdwan-rpa2-v69WY2SW on May 14 at 16:00 GMT for an authentication bypass in Cisco Catalyst SD-WAN Controller (formerly...
ENKVA #005 — Netlogon and DNS Client RCEs lead May Patch Tuesday
Microsoft shipped the May 2026 security update on May 12 with 137 Microsoft CVEs. Two of them are unauthenticated network remote-code-execution flaws in...
ENKVA #004 — cPanel auth bypass on KEV with ransomware flag
CISA added CVE-2026-41940 to the Known Exploited Vulnerabilities catalog on April 30 with the knownRansomwareCampaignUse: Known flag and a remediation due...
ENKVA #003 — RMM tools back on the KEV catalog
security-vulnerabilities-01-2025" used_in: "lead — SimpleHelp advisory, fixed versions 5.5.8 / 5.4.10 / 5.3.9" - url:...
ENKVA #002 — Threat actors impersonate IT support via Teams external access, use Quick Assist to install RMM tools and exfiltrate data — restrict Quick Assist now
If your end users receive a Teams message from someone claiming to be IT support, they have no reliable way to distinguish your real helpdesk from an...
ENKVA #001 — Microsoft's April Patch Tuesday shipped 165 CVEs plus 82 third-party advisories. Five need attention this week.
Microsoft's April 2026 security release landed on the 14th with 165 Microsoft CVEs plus 82 third-party advisories bundled under the same release banner — 247...