Attackers breached Okta's support system, stealing session tokens from 18,400 users. Learn the four control failures that enabled the attack, why MFA didn't help, how other organisation avoided compromise and get a security operator checklist with actions to take to protect your organisation.
Reading time 10 Minutes
CISA added eight new vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog during the past seven days, spanning legacy Cisco infrastructure, multiple Joomla ecosystem extensions, Adobe ColdFusion, Langflow, and Microsoft SharePoint Server. The most significant operational trend is the concentration of unauthenticated file upload vulnerabilities affecting public-facing web applications, many of which provide immediate paths to web shell deployment and remote code execution. Security, vulnerability management, and infrastructure teams should prioritise internet-facing web applications and collaboration platforms for immediate exposure validation and remediation activity.
Reading time 10 minutes
The June 2026 HackerStorm report covers all 23 CISA KEV additions this month, active exploitation trends, and prioritisation guidance.
Reading time 10 minutes
Traditional CVSS triage and monthly patch cycles can't keep pace with modern exploitation timelines. Learn how to operationalise CISA KEV with a tiered decision framework, emergency workflows, and clear escalation paths that prioritise the 0.48% of vulnerabilities driving real-world breaches.
Reading time 10 minutes
COOKIE / PRIVACY POLICY: This website uses essential cookies required for basic site functionality. We also use analytics cookies to understand how the website is used. We do not use cookies for marketing or personalization, and we do not sell or share any personal data with third parties.