// FORTIBLEED — CREDENTIAL COMPROMISE ACTIVE — JUN 2026 // CVE-2025-47981 — WINDOWS NEGOEX — CVSS 9.8 // ANGULARJS 1.7.x — CLIENT-SIDE AUTH BYPASS — CLINICAL APPS AT RISK // ENTRA ID PASSKEY ROLLOUT — URL ALLOWLIST ADVISORY PUBLISHED // FORTIBLEED — CREDENTIAL COMPROMISE ACTIVE — JUN 2026 // CVE-2025-47981 — WINDOWS NEGOEX — CVSS 9.8 // ANGULARJS 1.7.x — CLIENT-SIDE AUTH BYPASS — CLINICAL APPS AT RISK // ENTRA ID PASSKEY ROLLOUT — URL ALLOWLIST ADVISORY PUBLISHED

◈

// vulnerability research & coordinated disclosure

Original CVE research
and validation methodology.

Not just 'here's the CVE' — the actual approach to confirming exposure, building safe detection tooling, and coordinating disclosure. Written for practitioners who need answers before the patch window opens.

// 3 posts in this category

CVE Research 26 Jun 2026

FortiBleed: What the June 2026 Campaign Tells Us About Internet-Facing Appliance Risk

Mass credential exfiltration from internet-exposed FortiGate management interfaces. IOC analysis and a validated patch-check methodology.

8 min →

CVE Research Coming soon

Client-Side Auth Bypass in Legacy AngularJS Clinical Applications// coming soon

How CVE-2019-10768 prototype pollution enables authorization bypass in AngularJS 1.x — and a safe demonstration methodology for developer briefings.

~11 min ·

CVE Research Coming soon

CVE-2025-47981: Assessing Windows SPNEGO/NEGOEX Exposure Without Running Exploit Code// coming soon

CVSS 9.8, unauthenticated RCE via NEGOEX token parsing. A safe detection and exposure assessment script for security teams.

~9 min ·

Original CVE researchand validation methodology.

FortiBleed: What the June 2026 Campaign Tells Us About Internet-Facing Appliance Risk

Client-Side Auth Bypass in Legacy AngularJS Clinical Applications// coming soon

CVE-2025-47981: Assessing Windows SPNEGO/NEGOEX Exposure Without Running Exploit Code// coming soon

Original CVE research
and validation methodology.