This week's burn-down
10 fixes worth doing right now.
9 of these are being used in ransomware attacks as we speak, so they jump the line. Handle those first, then work down the rest. Newest at the top.
- CVE-2026-48282Patch this week
Adobe ColdFusion Path Traversal Vulnerability
Microsoft Defender Insufficient Granularity of Access Control Vulnerability
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability
Start here
What to patch first.
160 of these vulnerabilities are actively used in ransomware attacks. Start with these — they're the ones criminals are exploiting right now.
- Patch now160used in ransomware
- Patch this week177critical, or high-severity on internet-facing gear
- Plan to patch420the working backlog
- Monitor54low urgency, fix on next maintenance
Microsoft updates
One Windows Update run clears all of these.
Windows updates are cumulative: the newest one includes every fix that came before it. Run Windows Update on your machines and everything below is covered. The KB numbers are the receipts, not a to-do list.
- KB5053618covered 7 actively-exploited CVEs
- KB5053594covered 7 actively-exploited CVEs
- KB5053886covered 7 actively-exploited CVEs
Not sure where to start
You don't have to triage 811 vulnerabilities yourself.
We watch this list daily and tell you which ones touch the software you actually run. Free 30-minute briefing — share what you have, get a prioritized short list back, and we tell you when you don't need us.
