📰 BVTech News — Cybersecurity Intelligence

Daily cybersecurity vulnerability reports, threat intelligence, and expert remediation guidance from Jordan Polasek, Founder of BVTech LLC. Real CVEs sourced from CISA KEV and NVD — analyzed for Texas businesses.

🛡️ Weekly Threat Intelligence — Now in its ninth edition

This Week in Cybersecurity

Fresh CISA KEV analysis with real remediation steps. Written personally by Jordan Polasek every Sunday — plus a mid-week supplement when the catalog gets noisy. Drawing on 13+ years of Texas MSP experience.

🔴 POSTED TODAY · MID-WEEK INTEL May 25, 2026 · 10 min read · Jordan Polasek

Drupal SQL Injection, Microsoft Defender Double, Cisco SD-WAN Emergency Directive 26-03

CISA added Drupal Core CVE-2026-9082 to KEV this morning — active exploitation within days of the patch. Plus last Wednesday's Microsoft Defender double (CVE-2026-41091 + CVE-2026-45498) and the Cisco Catalyst SD-WAN Controller Emergency Directive 26-03 from May 14. Three urgent items in one week.

CVE-2026-9082 CVE-2026-41091 CVE-2026-20182 Drupal Defender ED 26-03
SUNDAY RECAP · AI STACK May 24, 2026 · 9 min read

Langflow and Trend Micro Apex One: When the AI Stack Becomes the Attack Surface

Two CVEs added to CISA KEV — Langflow (LLM workflow builder) and Trend Micro Apex One. Why "AI tooling" is now real attack surface, and how to inventory LLM and security-product dependencies for the rest of 2026.

CVE-2025-34291 · CVE-2026-34926 · LLM Security
DEEP DIVE May 17, 2026 · 11 min read

AI-Driven Phishing Hits 41% of SMB Attacks — What Texas Businesses Should Actually Change

Voice cloning, perfect business English, vendor impersonation that references real ongoing matters. The 2018 anti-phishing training playbook does not work in 2026 — here are the four concrete changes that still do.

AI Phishing · DMARC · BEC Defense
CVE RECAP May 10, 2026 · 8 min read

Ivanti EPMM Hits KEV (Again), Cisco Catalyst SD-WAN Auth Bypass — Edge Perimeter Patterns Continue

CVE-2026-6973 formally lands on KEV. CVE-2026-42897 is patched but the PoC is loose. Eight months of weekly recaps and the perimeter story has not changed — here is why, and what to actually do about it.

CVE-2026-6973 · Ivanti EPMM · Cisco SD-WAN
QUIET WEEK May 3, 2026 · 7 min read

Microsoft Defender CVE-2026-33825 and Supply-Chain Hardening for Texas SMBs

After two manic weeks at CISA, just one KEV add this time around. Use the spare bandwidth for what most SMBs never do: vendor security posture review and a real MFA audit. The checklist is here.

CVE-2026-33825 · Microsoft Defender · Vendor Audit
12 CVEs · ACTIVE April 26, 2026 · 10 min read

Eight Vulnerabilities in One Day: Cisco Catalyst SD-WAN Manager Triple, PaperCut, JetBrains, SimpleHelp

Twelve CVEs across two CISA KEV updates in one week, three of them a Cisco SD-WAN Manager critical-triple with a three-day federal deadline. Plus PaperCut ransomware (Lace Tempest / Clop) and the SimpleHelp pair Akira is running against MSPs.

CVE-2026-20122 · PaperCut · SimpleHelp · Akira
VINTAGE CVE April 19, 2026 · 9 min read

When 14-Year-Old CVEs Come Back: Microsoft VBA, Fortinet SQLi, Medusa Ransomware

CISA added six CVEs to KEV — including a 2012 Microsoft VBA flaw and a Fortinet SQL injection (CVE-2026-21643) that Storm-1175 is using to deploy Medusa ransomware. Technical debt is security debt that eventually comes due.

CVE-2012-1854 · CVE-2026-21643 · Medusa Ransomware
ZERO-DAY April 12, 2026 · 8 min read

Fortinet FortiClient EMS Zero-Day (CVE-2026-35616), Ivanti EPMM, and the Edge-Device Problem

A Fortinet pre-authentication API bypass with a three-day federal deadline, plus the Shadowserver early warning on Ivanti EPMM. Why 22% of breaches in 2025 came through edge appliances and what Texas SMBs should do about it.

CVE-2026-35616 · Fortinet EMS · Edge Devices
CVE RECAP April 5, 2026 · 7 min read

Critical Vulnerabilities: Chrome Dawn WebGPU, Citrix NetScaler SAML, TrueConf Client — Patch Now

Three critical CVEs that opened our weekly recap cadence — CVE-2026-5281 (Chrome), CVE-2026-3055 (Citrix NetScaler), and the TrueConf integrity flaw. Step-by-step remediation for each.

CVE-2026-5281 · CVE-2026-3055 · Chrome / Citrix
How BVTech News Works

Real Intelligence, Real Remediation

Every BVTech News post is written personally by Jordan Polasek, drawing from the CISA Known Exploited Vulnerabilities catalog, the National Vulnerability Database, and 13+ years of Texas MSP experience. No AI slop, no rewritten press releases — just actionable intelligence for small and medium businesses.

  • ✓ Sourced from CISA KEV — authoritative list of actively exploited vulnerabilities
  • ✓ NVD-indexed — complete coverage of the National Vulnerability Database
  • ✓ CVSS-scored — every CVE ranked by real-world severity
  • ✓ SMB-focused — no enterprise noise, just what Texas small businesses need
  • ✓ Step-by-step remediation — not just alerts, actual fix guides
  • ✓ Call for help — BVTech responds same-day to critical incidents across Texas

Need Help with a Critical Vulnerability?

Call Jordan Polasek directly. BVTech provides emergency cybersecurity remediation for Texas businesses — same-day response across San Antonio, Houston, Austin, and the rest of the state.