Patch/Configuration Management

Here’s six ways teams can survive in the machine speed era.

The vulnerability, identified as CVE-2026-29014 with a CVSS score of 9.8, is a PHP code injection flaw that allows unauthenticated remote attackers to execute arbitrary code.

The vulnerability, which has a CVSS score of 9.3 when the User-ID Authentication Portal is exposed to untrusted networks, enables unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls.

The vulnerability specifically impacts the Android Debug Bridge daemon ("adbd"), a background process that facilitates communication between an Android device and a computer via the Android Debug Bridge tool.

Critical Weaver E-cology bug exploited for RCE, exposing core enterprise workflows and secrets.

The NCSC highlights that skilled attackers leveraging AI can identify software weaknesses at an unprecedented pace.

The vulnerability, tracked as CVE-2026-4670, affects multiple versions of MOVEit Automation.

Threat intelligence company Vega documented the attacks, which targeted organizations primarily in China that use Weaver E-cology for workflows, document management, and internal business processes.