Current security notes, without the noise.
Agentic AI security, exploited-vulnerability briefs, lab practices, OSINT reporting, and workflow guidance for people doing authorized security work.
Library Snapshot
- Posts: 24
- Topics: 4
- Words: 8,298
ActiveMQ KEV Message Broker Review
CISA added CVE-2026-34197 for Apache ActiveMQ to the KEV catalog on April 16, 2026. The catalog describes it as an improper input validation issue that can allow code...
Latest Signals
Current writing stays short and sharp. The full archive sits below it without stretching the page sideways.
After Physical Access Tests
Physical access testing can create temporary changes: opened rooms, moved equipment, test accounts, evidence files, device approvals, and security alerts. The work is...
Agentic Coding Tools Need Permission Design
Agentic coding tools ask for trust constantly: read this file, edit that module, run this command, install this package, open this URL. After enough prompts, humans...
April 2026 KEV Patch Triage
CISA's Known Exploited Vulnerabilities catalog moved again in mid-April 2026, with the live feed showing catalog version 2026.04.16 and 1,569 entries. That number...
Claude Code Source Map Leak Release Artifacts
The Claude Code source-map incident is interesting because it was not a dramatic intrusion story. Public reporting described a routine release that accidentally...
Client Ready OSINT Reports
An OSINT report should not be a dump of everything found. It should be a filtered set of exposures that matter to the client. The difference is judgment. A public...
Edge Appliance KEV Review 2026
CISA's recent KEV entries include Citrix NetScaler and F5 BIG-IP vulnerabilities, continuing a familiar pattern: edge and access appliances remain high-value targets...
Apr 20, 2026
2 min read
Fake Claude Code Leaks Malware Lure
When a popular developer tool leaks, people go looking. They search GitHub, click mirrors, compare forks, and download archives with names that promise “unlocked”...
Apr 20, 2026
2 min read
FortiClient EMS KEV Response
CISA added multiple FortiClient EMS issues to KEV in April 2026, including CVE-2026-21643 and CVE-2026-35616. Endpoint management systems are sensitive because they...
Apr 20, 2026
2 min read
GitHub Actions AI Agent Prompt Injection
AI review bots make pull requests feel more alive. They summarize diffs, find vulnerable patterns, and leave comments in places a tired human reviewer might miss. The...
Apr 20, 2026
4 min read
HID Automation Lab
A good HID automation lab starts with a contract, even when the work is internal. Write down which machines are in scope, which accounts may be used, which controls...
Apr 20, 2026
1 min read
Ivanti EPMM Mobile Management Review
CISA added CVE-2026-1340 affecting Ivanti Endpoint Manager Mobile to KEV on April 8, 2026. Mobile management platforms are often discussed as device tools, but...
Apr 20, 2026
2 min read
Keyboard Layouts For HID Tests
Keyboard layout can make or break an HID automation test. A script that behaves correctly on one layout may produce different characters on another. In a lab, that...
Apr 20, 2026
2 min read
Legacy Office Acrobat Flaws 2026
April 2026 KEV additions included legacy document-handling issues across Microsoft Office, VBA, and Adobe Acrobat. Some of the CVEs are old by calendar age, but...
Apr 20, 2026
2 min read
MCP Inspector RCE Localhost Is Not A Wall
Local debugging tools often assume that localhost is a private place. That assumption gets shaky when browsers, local proxies, developer servers, and AI toolchains...
Apr 20, 2026
3 min read
OSINT Workflow Hygiene
Open-source intelligence work can produce a huge amount of data very quickly. That speed is useful, but it also creates risk. Without structure, raw links, usernames,...
Apr 20, 2026
3 min read
Red Team Device Prep
Red-team hardware work looks exciting from the outside, but the reliable part is preparation. Before the engagement window opens, the device should already be...
Apr 20, 2026
2 min read
Secure Firmware Update Routine
Firmware updates are easy to treat as a quick maintenance task. In a security lab, they deserve a repeatable routine. The device may be used to validate controls,...
Apr 20, 2026
2 min read
SharePoint Exchange Collaboration Server Review
CISA's April 2026 KEV additions included Microsoft SharePoint Server CVE-2026-32201 and Microsoft Exchange Server CVE-2023-21529. The products are different, but the...
Apr 20, 2026
2 min read
Supply Chain Scanner AI Workflow Triage
Recent KEV entries include issues affecting Aqua Security Trivy and Langflow. These tools live in different parts of the stack, but they share a defensive lesson:...
Apr 20, 2026
2 min read
Team Security Lab Kit
Security teams often build labs from leftover equipment. That can work, but it usually creates inconsistent results. A better lab kit is intentional: a small set of...
Apr 20, 2026
3 min read
USB Policy Validation
USB policy validation is often treated as a yes-or-no check. Did the device work, or was it blocked? That is only one part of the story. A useful validation also...
Apr 20, 2026
2 min read
Workspace Trust Is The New Git Hooks
Developers already know to be careful with Git hooks, workflow files, package scripts, Dockerfiles, and editor tasks. Agentic coding tools add another category:...
Apr 20, 2026
2 min read
Writing Better Security Evidence
Security teams often think of evidence as something collected after the real work. In practice, evidence is part of the work. It is the thing that lets another person...
Want us to cover a workflow?
Send a topic request to admin@zerotrace.pw and we will consider it for the next field note.