“Before you close your laptop — confirm at least one domain controller per client is healthy and authenticated. Five minutes now beats a Sunday evening call later.”
Outlook Classic crashes when Teams Meeting Add-in enabled with older build versions
Service degradation affecting users attempting to use Microsoft Outlook Classic with Microsoft Teams Meeting Add-in and previous Outlook build versions enabled. Workaround: disable Teams Meeting Add-in or perform Online Repair of Office.
Read more →Linux kernel CVE-2026-31431 Copy Fail privilege escalation in production
Critical local privilege escalation (CVSS 7.8) affecting virtually all Linux distributions with kernels since 2017. Public exploit available. Workaround: disable algif_aead kernel module until patched kernel available.
Read more →Apache HTTP/2 double-free RCE in httpd 2.4.66 (CVE-2026-23918)
Critical vulnerability (CVSS 8.8) in mod_http2 allowing DoS and potential RCE. Upgrade from 2.4.66 to 2.4.67 immediately; mod_http2 ships by default in most deployments.
Read more →ConnectWise ScreenConnect path traversal (CVE-2026-32202) actively exploited
Path traversal vulnerability allowing remote code execution or data compromise. On CISA KEV catalog with May 12 deadline. Apply vendor patch immediately.
Read more →WatchGuard critical Windows agent vulnerability allows total system takeover
Critical security update released for WatchGuard Windows-based agent software. Vulnerability allows attackers to seize total control of local systems.
Read more →Microsoft Edge multiple in-the-wild exploits (CVE-2026-5281, CVE-2026-3909, CVE-2026-3910)
Chromium team reports multiple CVEs with active exploitation in the wild. Edge 146.0.3856.84 and later contain fixes.
Read more →Ivanti Endpoint Manager Mobile (EPMM) multiple CVEs (May 2026 advisory)
Ivanti released May 2026 security advisory for EPMM vulnerabilities. Check Ivanti security hub for patched versions and workarounds.
Read more →vm2 Node.js library 12 critical vulnerabilities disclosed May 7 2026
Dozen critical security flaws disclosed in vm2 library that could be exploited by attackers. Published May 7; recommend urgent review if vm2 is used in production.
Read more →Palo Alto PAN-OS out-of-bounds write in User-ID Authentication Portal
Unauthenticated RCE with root privileges on PA-Series and VM-Series firewalls. Workaround: restrict User-ID Authentication Portal access to trusted zones only.
Read more →SonicWall SMA1000 SQL injection (CVE-2026-4112) enables admin privilege escalation
High-severity SQL injection in SMA1000 firewalls allowing privilege escalation from read-only to admin. Patch available; no known wild exploitation yet but immediate deployment recommended.
Read more →Fortinet FortiGate 20 CVEs on CISA KEV catalog; healthcare ransomware campaigns ongoing
Fortinet devices remain primary entry point for Qilin, Akira, and Mora_001 ransomware groups targeting healthcare. 10,000+ unpatched firewalls globally as of January 2026.
Read more →NinjaOne earns Gartner Leader status, launches new product lines in Q1 2026
NinjaOne (formerly NinjaRMM) achieved $5B valuation with 35K+ customers and multi-year Audi F1 partnership. Announced asset management and vulnerability management expansions competing directly with ConnectWise and Kaseya.
Read more →ConnectWise 2026 MSP Threat Report: identity abuse is primary attack vector
ConnectWise Cyber Research Unit reports shift from exploit-driven attacks to identity abuse, credential theft, and OTP bypass. Ransomware groups prioritizing speed and backup disruption.
Read more →This is what you get — every weekday, free.
Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.