// FORTIBLEED — CREDENTIAL COMPROMISE ACTIVE — JUN 2026 // CVE-2025-47981 — WINDOWS NEGOEX — CVSS 9.8 // ANGULARJS 1.7.x — CLIENT-SIDE AUTH BYPASS — CLINICAL APPS AT RISK // ENTRA ID PASSKEY ROLLOUT — URL ALLOWLIST ADVISORY PUBLISHED // FORTIBLEED — CREDENTIAL COMPROMISE ACTIVE — JUN 2026 // CVE-2025-47981 — WINDOWS NEGOEX — CVSS 9.8 // ANGULARJS 1.7.x — CLIENT-SIDE AUTH BYPASS — CLINICAL APPS AT RISK // ENTRA ID PASSKEY ROLLOUT — URL ALLOWLIST ADVISORY PUBLISHED

◈

// vulnerability research · threat intel · detection

Vulnerability research,
threat intel, and sec ops.

CVE research, threat intelligence, and security operations — written from inside the wire. The actual approach to confirming exposure, building detection tooling, and coordinating disclosure.

◈ 3 posts in this category

Sec Ops 26 Jun 2026

FortiBleed: What the June 2026 Campaign Tells Us About Internet-Facing Appliance Risk

Mass credential exfiltration from internet-exposed FortiGate management interfaces. IOC analysis and validated patch-check methodology.

8 min →

Sec Ops Coming soon

Client-Side Auth Bypass in Legacy AngularJS Clinical Applications// coming soon

How CVE-2019-10768 prototype pollution enables authorization bypass in AngularJS 1.x — and a safe demonstration methodology for developer briefings.

~11 min ·

Sec Ops Coming soon

CVE-2025-47981: Assessing Windows SPNEGO/NEGOEX Exposure Without Running Exploit Code// coming soon

CVSS 9.8, unauthenticated RCE via NEGOEX token parsing. A safe detection and exposure assessment script for security teams.

~9 min ·

Vulnerability research,threat intel, and sec ops.

FortiBleed: What the June 2026 Campaign Tells Us About Internet-Facing Appliance Risk

Client-Side Auth Bypass in Legacy AngularJS Clinical Applications// coming soon

CVE-2025-47981: Assessing Windows SPNEGO/NEGOEX Exposure Without Running Exploit Code// coming soon

Vulnerability research,
threat intel, and sec ops.