Post by Black Kite
An 18-year-old flaw in NGINX. A 4th critical bug in Langflow. Active exploitation on cPanel.

We’re dropping this week’s Focus Friday a day early to give security teams an immediate head start on a massive week of vulnerability disclosures.

We are tracking 7 new FocusTags® where legacy technical debt meets active adversary orchestration:

🔹 NGINX Rift Chain: An 18-year-old flaw with a massive global attack surface, a public PoC, and a high EPSS of 14.45%.
🔹 Langflow (CVE-2026-5027): The 4th critical AI orchestration flaw in weeks, enabling unauthenticated RCE via a zero-credential path.
🔹 LiteSpeed cPanel Plugin & SimpleHelp: Both facing active, in-the-wild exploitation—with LiteSpeed already landing on the CISA KEV list.
🔹 FortiBleed, Jenkins, & MongoDB: High-severity threats targeting exposed perimeter infrastructure and privileged access.

For TPRM professionals, these aren't just patches—they represent hidden access points into your digital supply chain. Get the exact remediation steps and vendor questionnaire guidance you need to secure your ecosystem today.