Safeguard
Tag

cisa-kev

Safeguard articles tagged "cisa-kev" — guides, analysis, and best practices for software supply chain and application security.

22 articles

Vulnerability Management

Vulnerability fatigue and the case for risk-based prioritization

48,185 CVEs were published in 2025 alone. Most teams can't triage that volume — reachability and exploit maturity data show which ones actually matter.

Jul 10, 20267 min read
Vulnerability Management

A prioritization framework for triaging security alerts at scale

Only 2.6% of CVEs tracked in 2019 saw real-world exploitation, per Kenna Security/Cyentia — yet most teams still triage by CVSS alone. Here's a better framework.

Jul 9, 20267 min read
Best Practices

A Step-by-Step Methodology for Mapping and Prioritizing Attack Surface

CVE-2023-34362 sat in one internet-facing file-transfer server and still produced thousands of downstream breaches — attack surface mapping is what catches that server before Cl0p does.

Jul 8, 20267 min read
Application Security

Beyond vulnerability management: a risk-based approach to AppSec

Fewer than 5% of published CVEs are ever exploited in the wild, yet most teams still triage by raw count — here's the exploitability-first alternative.

Jul 8, 20267 min read
Vulnerability Management

Continuous vulnerability management: the discovery-to-verification lifecycle

CISA's new BOD 26-04 gives federal agencies as little as 3 days to remediate the highest-risk flaws — a preview of the SLA pressure every engineering org now faces.

Jul 8, 20267 min read
Vulnerability Management

Exploitability vs. breakability: a practical rubric for vulnerability triage

CVSS says a flaw could be bad. CISA's KEV catalog, now past 1,300 entries, says one actually was exploited. Most teams still triage as if the two are the same.

Jul 8, 20267 min read
Vulnerability Management

Prioritizing vulnerabilities by real-world risk, not raw CVSS score

Kenna/Cyentia found just 2.6% of 2019's tracked CVEs were ever actively exploited — yet most teams still triage backlogs by CVSS score alone.

Jul 8, 20267 min read
Vulnerability Management

The libwebp heap overflow that patched half the internet: CVE-2023-4863

One heap buffer overflow in a 15-year-old image codec forced Chrome, Firefox, Edge, Electron apps, and entire Linux distros to ship emergency patches within days.

Jul 8, 20266 min read
Vulnerabilities

Edge Appliances Are the Soft Underbelly: VPN Zero-Days as Initial Access in 2026

Check Point's CVE-2026-50751 and Cisco's seventh SD-WAN zero-day of the year are not isolated bugs — they are the same story. Here is why VPN and edge appliances keep becoming the front door for ransomware, and how to monitor and segment them.

Jun 17, 20267 min read
Vulnerability Analysis

Ivanti EPMM CVE-2026-6973: Authenticated RCE on CISA KEV in May 2026

Ivanti disclosed CVE-2026-6973 on May 7, 2026, an improper-input-validation RCE in Endpoint Manager Mobile already seeing limited exploitation. CISA gave federal agencies a three-day patch deadline.

May 8, 202610 min read
Vulnerability Response

CVE-2026-0300 in Palo Alto PAN-OS: Patch Posture & SBOM Response

PAN-OS Captive Portal pre-auth RCE scored CVSS 9.3 and landed on CISA KEV with a three-day patch deadline. Defender playbook below.

May 7, 20267 min read
Vulnerability Analysis

Citrix NetScaler CVE-2026-3055: The SAML Memory-Overread CitrixBleed Echo of 2026

CVE-2026-3055 is an unauthenticated memory overread in NetScaler ADC/Gateway configured as a SAML IdP, CVSS 9.3, exploited since late March 2026 and drawing direct CitrixBleed comparisons. Full analysis.

May 6, 202611 min read
cisa-kev — Safeguard Blog