Daily cybersecurity vulnerability reports, threat intelligence, and expert remediation guidance from Jordan Polasek, Founder of BVTech LLC. Real CVEs sourced from CISA KEV and NVD β analyzed for Texas businesses.
Fresh CISA KEV analysis with real remediation steps. Written personally by Jordan Polasek every Sunday β plus a mid-week supplement when the catalog gets noisy. Drawing on two decades of Texas technology experience.
A Heavy Week of KEV Additions: SharePoint, FortiSandbox, and SonicWall Under Fire β July 18, 2026 | Jordan Polasek | BVTech LLC /* BVTech v28 critical CSSβ¦
SharePoint and FortiSandbox Under Attack β July 17, 2026 | Jordan Polasek | BVTech LLC /* BVTech v28 critical CSS β inline safety net */ .header-logoβ¦
CISA added three vulnerabilities to the KEV catalog on July 16, 2026: a Microsoft SharePoint deserialization flaw (CVE-2026-58644) and two Fortinet FortiSandbox command-injection flaws (CVE-2026-25089, CVE-2026-39808) ββ¦
CVE-2026-20253 is a critical (CVSS 9.8) missing-authentication flaw in Splunk Enterprise β confirmed exploited in the wild and added to CISA's KEV list on July 15 with a three-day federal deadline. It's the first Splunk vulnerability ever on the KEV catalog. Why a hole in your security tooling is uniquely dangerous, the punishing patch-to-exploit timeline, plus this week's Cisco SD-WAN and LiteSpeed cPanel additions.
CVE-2026-20253 is a critical (CVSS 9.8) missing-authentication flaw in Splunk Enterprise β confirmed exploited in the wild and added to CISA's KEV list on April 5 with a three-day federal deadline. It's the first Splunk vulnerability ever on the KEV catalog. Why a hole in your security tooling is uniquely dangerous, the punishing patch-to-exploit timeline, plus this week's Cisco SD-WAN and LiteSpeed cPanel additions.
CVE-2026-11645 is a high-severity flaw in Chrome's V8 engine, confirmed exploited in the wild and added to CISA's KEV list on April 5 with a June 23 federal deadline. The catch most teams miss: updating Chrome doesn't protect you until you relaunch the browser. Plus the Cisco SD-WAN and Arista EOS additions from the same batch, and what a proactive setup does about a week like this.
Anthropic released its first public "Mythos-class" model β state-of-the-art, and good enough at finding software flaws that it ships with safeguards blocking high-risk cybersecurity and biology questions. The hype, the substance, and the honest answer to the only question that matters for an owner: does this actually change anything for me?
One of the defining security stories of 2026, in plain English: a month-by-month look at the year's real breaches, how artists poison their own work with Glaze and Nightshade, how websites trap rogue AI crawlers, the new agentic-AI attack surface and AI governance, and why honeypots are the best low-effort defense a small business has. Plus our new free, shareable field manual β 67 pages, no email wall.
CISA added Drupal Core CVE-2026-9082 to KEV today after exploitation began within days of the patch. The May 20 Microsoft Defender double, the May 14 Cisco Catalyst SD-WAN Controller authentication bypass (covered byβ¦
CISA added two vulnerabilities to KEV this week β Langflow (an LLM workflow builder) and Trend Micro Apex One. Jordan Polasek explains what each one means for Texas SMBs, why \
Forty-one percent of SMB cyberattacks in 2025 were AI-driven. Jordan Polasek breaks down what AI-assisted phishing actually looks like in Texas small business environments, why traditional anti-phishing training isβ¦
Jordan Polasek breaks down the Ivanti EPMM RCE (CVE-2026-6973) formally added to CISA KEV this week, the new Cisco Catalyst SD-WAN authentication bypass (CVE-2026-42897), and why eight months of weekly recaps now readβ¦
After two manic weeks at CISA, this week's KEV addition was a single Microsoft Defender access-control flaw. Jordan Polasek explains why boring weeks are good for Texas SMBs β and what to do with the spare cycles.
CISA added twelve vulnerabilities to KEV this week across two major dumps, including three Cisco Catalyst SD-WAN Manager flaws, a PaperCut auth bypass used by the Clop ransomware affiliate Lace Tempest, and theβ¦
CISA added six vulnerabilities to KEV this week β including a 14-year-old Microsoft VBA flaw and a Fortinet SQL injection being weaponized for Medusa ransomware. Jordan Polasek explains why old CVEs are still hittingβ¦
Jordan Polasek breaks down the Fortinet FortiClient EMS zero-day (CVE-2026-35616) added to CISA KEV this week, plus a second critical Ivanti EPMM flaw, and why edge devices remain the single most-targeted segment ofβ¦
Jordan Polasek breaks down three critical CVEs added to the CISA KEV catalog this week β CVE-2026-5281 (Chrome Dawn WebGPU), CVE-2026-3055 (Citrix NetScaler), and the TrueConf Client integrity flaw. Remediation stepsβ¦
Every BVTech News post is written personally by Jordan Polasek, drawing from the CISA Known Exploited Vulnerabilities catalog, the National Vulnerability Database, and two decades of Texas technology experience. No AI slop, no rewritten press releases β just actionable intelligence for small and medium businesses.
Call Jordan Polasek directly. BVTech provides emergency cybersecurity remediation for Texas businesses β same-day response across San Antonio, Houston, Austin, and the rest of the state.