Weekly Threat Landscape Digest – Week 20

- Privilege Escalation Vulnerability in VMware Fusion
Overview:
- A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in a SETUID binary operation within VMware Fusion.
- The flaw involves a race condition between validation and execution, allowing manipulation of privileged operations.
Impact:
- Local authenticated users with non-administrative privileges can escalate to root, gaining full control of the host system.
Affected / Fixed Versions:
- Affected: VMware Fusion 25H2 (any platform)
- Fixed: VMware Fusion 26H1 or later
Recommendations:
- Update VMware Fusion to version 26H1 or later to mitigate the vulnerability.
Reference link:
- Multiple Vulnerabilities in Palo Alto Networks PAN-OS
Overview:
- Three high-severity vulnerabilities were identified in PAN-OS, each with a CVSS score of 7.2.
- CVE-2026-0263: Buffer overflow in IKEv2 processing allowing unauthenticated arbitrary code execution or denial of service (DoS).
- CVE-2026-0264: Buffer overflow in DNS proxy and DNS Server features potentially enabling DoS or arbitrary code execution via crafted network traffic.
- CVE-2026-0265: Authentication bypass in Cloud Authentication Service (CAS) when enabled, allowing unauthenticated access.
Impact:
- Arbitrary code execution with elevated privileges.
- Denial of service conditions.
- Authentication bypass leading to unauthorized access.
Affected / Fixed Versions:
- PAN-OS 12.1.x: Fixed in 12.1.7 and 12.1.4-h5.
- PAN-OS 11.2.x: Fixed in 11.2.12, 11.2.10-h6, 11.2.7-h13, and 11.2.4-h17.
- PAN-OS 11.1.x: Fixed in 11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, and 11.1.4-h33.
- PAN-OS 10.2.x: Fixed in 10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, and 10.2.7-h34.
- Older unsupported versions require upgrading to supported fixed releases.
Recommendations:
- Upgrade to the fixed release that corresponds to the PAN-OS branch in use.
- Apply currently available security patches immediately.
- Implement vendor-recommended mitigations where patches are pending.
- Restrict internet exposure of affected services and management interfaces.
- Enable security protections and monitoring for suspicious activity.
- Follow vendor best practices to minimize attack surface.
Reference links:
- https://security.paloaltonetworks.com/CVE-2026-0263
- https://security.paloaltonetworks.com/CVE-2026-0264
- https://security.paloaltonetworks.com/CVE-2026-0265
- Critical remote memory corruption vulnerability in Exim
Overview:
- A critical remote memory corruption vulnerability, tracked as EXIM-Security-2026-05-01.1 (CVE pending), has been identified in the GnuTLS backend of Exim mail server.
- The flaw is a remote Use-After-Free (UAF) triggered during SMTP BDAT/CHUNKING message handling when a malicious client prematurely terminates a TLS session with a close_notify alert and then sends cleartext data over the same TCP connection.
- Affects Exim versions 4.97 through 4.99.2 compiled with GnuTLS support enabled (USE_GNUTLS=yes).
- OpenSSL and other TLS backends are unaffected.
Impact:
- Heap corruption
- Potential remote code execution (RCE) on vulnerable mail servers
- No authentication or user interaction required for exploitation
Affected / Fixed Versions:
- Affected: Exim 4.97 to 4.99.2 with GnuTLS support
- Fixed: Exim 4.99.3
Recommendations:
- Upgrade all vulnerable Exim instances to version 4.99.3 or later immediately
Reference link:
- Security Updates – Mozilla Firefox
Overview:
- Multiple high-severity vulnerabilities have been addressed in Firefox, affecting the JavaScript Engine, WebAssembly, and Profile Backup components.
Impact:
- Vulnerabilities could lead to memory corruption, sandbox escape, and arbitrary code execution.
- Specific issues include incorrect boundary conditions (CVE-2026-8388), JIT miscompilation (CVE-2026-8389), use-after-free (CVE-2026-8390), an unspecified JavaScript Engine flaw (CVE-2026-8391), and sandbox escape (CVE-2026-8401).
Affected / Fixed Versions:
- Fixed in Firefox 150.0.3 and later.
Recommendations:
- Update to Firefox version 150.0.3 or later immediately to mitigate these vulnerabilities.
Reference link:
- Fortinet Security Updates
Overview:
- Multiple high-severity and critical vulnerabilities disclosed affecting Fortinet enterprise security products including FortiOS, FortiAuthenticator, and FortiSandbox.
- Vulnerabilities allow authenticated or unauthenticated attackers to execute arbitrary code or commands, impacting wireless controller services, API endpoints, and web UI authorization.
Impact:
- CVE-2025-53844 (FortiOS): Out-of-bounds write in the capwap daemon enabling an attacker who controls an authenticated FortiAP, FortiExtender or FortiSwitch to execute code on FortiGate devices. CVSS 8.3.
- CVE-2026-44277 (FortiAuthenticator): Improper Access Control vulnerability permitting unauthenticated attackers to run unauthorized code via crafted requests. CVSS 9.1.
- CVE-2026-26083 (FortiSandbox): Missing Authorization vulnerability allowing unauthenticated attackers to execute unauthorized code or commands via HTTP requests. CVSS 9.1.
Affected / Fixed Versions:
- FortiOS 7.6.0 through 7.6.3 fixed in 7.6.4 and above.
- FortiOS 7.4.0 through 7.4.8 fixed in 7.4.9 and above.
- FortiOS 7.2.0 through 7.2.11 fixed in 7.2.12 and above.
- FortiAuthenticator 8.0.0 and 8.0.2 fixed in 8.0.3 and above.
- FortiAuthenticator 6.6.0 through 6.6.8 fixed in 6.6.9 and above.
- FortiAuthenticator 6.5.0 through 6.5.6 fixed in 6.5.7 and above.
- FortiSandbox 5.0.0 through 5.0.1 fixed in 5.0.2 and above.
- FortiSandbox 4.4.0 through 4.4.8 fixed in 4.4.9 and above.
- FortiSandbox Cloud and FortiSandbox PaaS: all affected versions require migration to fixed releases.
Recommendations:
- Immediately upgrade all affected Fortinet products to the latest patched versions.
- Prioritize updating internet-facing FortiAuthenticator and FortiSandbox deployments to prevent exploitation.
Reference links:
- https://fortiguard.fortinet.com/psirt/FG-IR-26-136
- https://fortiguard.fortinet.com/psirt/FG-IR-26-128
- https://fortiguard.fortinet.com/psirt/FG-IR-26-123
- Ivanti May 2026 Security Updates
Overview:
- Multiple vulnerabilities disclosed across Ivanti Secure Access Client, Ivanti Virtual Traffic Manager (vTM), Ivanti Xtraction, and Ivanti Endpoint Manager (EPM).
- Vulnerabilities include privilege escalation, SQL injection, remote code execution (RCE), OS command injection, information disclosure, arbitrary file write, and client-side attack vectors.
- The most critical vulnerability is CVE-2026-8043 in Ivanti Xtraction with a CVSS score of 9.6, allowing remote authenticated attackers to read sensitive files and write arbitrary HTML content to web-accessible directories.
- No active exploitation observed at the time of disclosure.
Impact:
- Unauthorized remote code execution, data disclosure, privilege escalation, and arbitrary file writes may lead to system compromise and data breaches.
Affected / Fixed Versions:
- Ivanti Secure Access Client: CVE-2026-7431, CVE-2026-7432 – Fixed in version 22.8R6
- Ivanti Virtual Traffic Manager (vTM): CVE-2026-8051 – Fixed in version 22.9r4
- Ivanti Xtraction: CVE-2026-8043 – Fixed in version 2026.2
- Ivanti Endpoint Manager (EPM): CVE-2026-8109, CVE-2026-8110, CVE-2026-8111 – Fixed in version 2024 SU6
Recommendations:
- Immediately apply the latest patches for all affected Ivanti products.
- Review exposure and access controls of affected systems to prevent unauthorized access.
Reference links:
- https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Secure-Access-Client-CVE-2026-7431-CVE-2026-7432?language=en_US
- https://hub.ivanti.com/s/article/Security-Advisory—Ivanti-Xtraction-CVE-2026-8043?language=en_US
- https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2026-8051?language=en_U
- https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-May-2026?language=en_US
- Security Updates – Chrome OS
Overview:
- Google released a Long Term Support (LTS) channel update for Chrome OS, upgrading most supported devices to LTS-144 version 144.0.7559.250 (Platform Version 16503.82.0).
- The update addresses multiple high-severity use-after-free vulnerabilities affecting critical browser components including TextEncoding, WebCodecs, WebMIDI, network components, media, codecs, Blink rendering engine, MediaStream, compositing, canvas, and WebUSB policy enforcement.
Impact:
- Exploitation of these vulnerabilities could lead to system compromise or denial of service.
Affected / Fixed Versions:
- Fixed in LTS-144 version 144.0.7559.250 (Platform Version 16503.82.0).
Recommendations:
- Apply the Chrome OS LTS-144 security update promptly to mitigate risks associated with these high-severity use-after-free vulnerabilities.
Reference link:
- Security Updates – SAP
Overview:
- SAP released May 2026 security updates addressing multiple vulnerabilities across various SAP products.
- Vulnerabilities include SQL injection, missing authentication, OS command injection, code injection, cross-site scripting (XSS), cross-site request forgery (CSRF), content spoofing, denial of service (DoS), and improper certificate validation.
Impact:
- Exploitation could lead to arbitrary command execution, code injection, authentication bypass, privilege escalation, unauthorized data access, system compromise, and service disruption.
Critical Vulnerabilities:
- CVE-2026-34260 (CVSS 9.6): SQL injection in SAP S/4HANA (SAP Enterprise Search for ABAP).
- CVE-2026-34263 (CVSS 9.6): Missing authentication check in SAP Commerce Cloud configuration.
High Severity:
- CVE-2026-34259 (CVSS 8.2): OS command injection in SAP Forecasting & Replenishment.
Medium Severity:
- CVE-2026-40135 (CVSS 6.5): OS command injection in SAP NetWeaver Application Server for ABAP and ABAP Platform.
- CVE-2026-40133 (CVSS 6.3): Missing authorization check in SAP S/4HANA Condition Maintenance.
- CVE-2026-40137 (CVSS 6.1): XSS in Business Server Pages Application (TAF_APPLAUNCHER).
- CVE-2026-0502 (CVSS 5.4): CSRF in SAP BusinessObjects Business Intelligence Platform.
- CVE-2026-40132 (CVSS 5.4): Missing authorization check in SAP Strategic Enterprise Management.
- CVE-2025-68161 (CVSS 4.8): Potential improper certificate validation in SAP Commerce Cloud (Apache Log4j).
- CVE-2026-34258 (CVSS 4.7): Content spoofing in SAPUI5 (Search UI).
- CVE-2026-27682 (CVSS 4.7): Reflected XSS in SAP NetWeaver Application Server ABAP.
- CVE-2026-40136 (CVSS 4.3): DoS in SAP Financial Consolidation.
- CVE-2026-40134 (CVSS 4.3): Missing authorization check in SAP Incentive and Commission Management.
- CVE-2026-40129 (CVSS 4.3): Code injection in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform.
Low Severity:
- CVE-2026-40131 (CVSS 3.4): SQL injection in SAP HANA Deployment Infrastructure (HDI) Deploy Library.
Recommendations:
- Apply the May 2026 SAP security updates immediately to mitigate these vulnerabilities.
- Review SAP security notes corresponding to each CVE for detailed affected versions, fixed releases, and mitigation procedures.
Reference link:
- Security Updates – Apple
Overview:
- Apple released security updates addressing multiple vulnerabilities in core operating system components including kernel, WebKit browser engine, sandbox protections, memory handling, networking, image parsing, and application sandboxing.
- Key vulnerabilities include privilege escalation (CVE-2026-28951), sandbox escape (CVE-2026-28995), WebKit security bypass (CVE-2026-43660, CVE-2026-28907), kernel memory corruption (CVE-2026-28972), remote network-based memory corruption via mDNSResponder (CVE-2026-43668), sensitive information disclosure (CVE-2026-28962, CVE-2026-28920), and image parsing memory corruption (CVE-2026-43661, CVE-2026-28990).
Impact:
- Exploitation could allow privilege escalation, kernel memory corruption, sandbox escape, sensitive information disclosure, denial-of-service, and remote browser exploitation through malicious web content.
Affected / Fixed Versions:
- iOS 26.5 / iPadOS 26.5 for iPhone 11 and later, iPad Pro 12.9-inch 3rd gen and later, iPad Pro 11-inch 1st gen and later, iPad Air 3rd gen and later, iPad 8th gen and later, iPad mini 5th gen and later
- iOS 18.7.9 / iPadOS 18.7.9 for iPhone XS, XS Max, XR, iPad 7th gen
- iPadOS 17.7.11 for iPad Pro 12.9-inch 2nd gen, iPad Pro 10.5-inch, iPad 6th gen
- iOS 16.7.16 / iPadOS 16.7.16 for iPhone 8, 8 Plus, X, iPad 5th gen, iPad Pro 9.7-inch, iPad Pro 12.9-inch 1st gen
- iOS 15.8.8 / iPadOS 15.8.8 for iPhone 6s, 7, iPhone SE 1st gen, iPad Air 2, iPad mini 4th gen, iPod touch 7th gen
- macOS Tahoe 26.5
- macOS Sequoia 15.7.7
- macOS Sonoma 14.8.7
- tvOS 26.5 for Apple TV HD and Apple TV 4K (all models)
- watchOS 26.5 for Apple Watch Series 6 and later
- visionOS 26.5 for Apple Vision Pro (all models)
Recommendations:
- Install the latest available updates promptly to mitigate exploitation risks.
Reference link:
- Critical Vulnerabilities in vm2 Node.js Sandbox Library
Overview:
- Multiple critical vulnerabilities identified in vm2, a Node.js sandboxing library used for executing untrusted JavaScript.
- These vulnerabilities enable attackers to bypass sandbox protections, escape isolation, and execute arbitrary code on host systems.
Impact:
- Code injection allowing full sandbox escape and arbitrary host code execution.
- Prototype pollution leading to application compromise and remote code execution.
- Bypass of allowlists permitting loading of restricted modules like child_process, enabling system command execution.
- Various sandbox escape techniques exploiting JavaScript features (__lookupGetter__, species property, inspect function, SuppressedError, Symbol coercion, neutralizeArraySpeciesBatch, null proto exception handling).
- Execution of arbitrary operating system commands on the host environment.
Affected / Fixed Versions:
- Vulnerabilities affect all unpatched vm2 versions prior to 3.11.2.
- Fixed in vm2 version 3.11.2 and later.
Recommendations:
- Immediately update vm2 to version 3.11.2 or later to mitigate all listed vulnerabilities.
- Review integrations using vm2 for untrusted JavaScript execution to ensure sandbox protections are intact.
Reference link:
- Actively Exploited SQL Injection Vulnerability in BerriAI LiteLLM
Overview:
- A critical SQL Injection vulnerability (CVE-2026-42208) exists in LiteLLM Proxy API key verification.
- The vulnerability allows unauthenticated remote attackers to inject malicious SQL queries via Authorization headers.
- Exploitation is active in the wild and the vulnerability is listed in the Known Exploited Vulnerabilities (KEV) Catalog.
Impact:
- Attackers may access or modify database content without authorization.
- Potential exposure of stored credentials, API keys, and proxy management resources.
Affected / Fixed Versions:
- Affected: LiteLLM versions >= 1.81.16 and < 1.83.7
- Fixed: Version 1.83.7 and later
Recommendations:
- Upgrade LiteLLM to version 1.83.7 or later immediately.
- Restrict public access to LiteLLM proxy instances.
- Rotate all stored API credentials and tokens.
- Monitor logs for suspicious Authorization header activity.
- Audit databases for unauthorized modifications.
Reference link:
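A defender-side check for the LiteLLM recommendations above (monitoring logs for suspicious Authorization header activity), as an added example that is not LiteLLM's own code: it parses access-log lines, flags bearer values that fall outside the expected token alphabet, and counts hits per source so repeated probing stands out. The log layout, the token alphabet, the sample lines and the IPs are all constructed assumptions.

```python
"""Flag suspicious Authorization header values in proxy access logs.

Added example for the LiteLLM advisory; the log format and the
token alphabet below are assumptions, not LiteLLM's actual formats.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed log line layout (constructed for this example):
#   <ip> <ISO timestamp> "<METHOD> <path>" <status> authz="<Authorization value>"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ts>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" '
    r'(?P<status>\d{3}) authz="(?P<authz>.*)"$'
)

# Assumed well-formed credential: the Bearer scheme followed by a token made
# only of URL-safe characters. Anything outside this alphabet is abnormal.
BEARER_RE = re.compile(r"^Bearer [A-Za-z0-9_.\-]{8,}$")

# Markers that make an abnormal value look like a SQL injection attempt.
SQL_MARKERS = re.compile(
    r"""(['";]|--|/\*|\*/|\b(or|and|union|select|insert|update|delete|drop|sleep|pg_sleep)\b)""",
    re.IGNORECASE,
)


@dataclass
class Finding:
    ip: str
    ts: str
    path: str
    status: str
    reason: str
    authz: str


def classify(authz: str) -> Optional[str]:
    """Return a reason string if the header value is suspicious, else None."""
    if not authz:
        return None  # no credential presented; not an injection attempt
    if BEARER_RE.match(authz):
        return None  # matches the expected token shape
    if SQL_MARKERS.search(authz):
        return "sql-metacharacters-in-authorization"
    return "unexpected-authorization-format"


def scan(lines: List[str]) -> List[Finding]:
    """Parse each log line and collect findings for suspicious header values."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line; in production, count these separately
        reason = classify(m["authz"])
        if reason:
            findings.append(Finding(m["ip"], m["ts"], m["path"], m["status"], reason, m["authz"]))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per source IP so repeated probing from one host stands out."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.ip] = counts.get(f.ip, 0) + 1
    return counts


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.10 2026-05-12T09:00:01Z "POST /chat/completions" 200 authz="Bearer sk-abc123DEF456_ghi"',
    '203.0.113.10 2026-05-12T09:00:02Z "GET /models" 200 authz="Bearer sk-abc123DEF456_ghi"',
    '198.51.100.7 2026-05-12T09:03:11Z "GET /models" 401 authz="Bearer x\' OR 1=1 --"',
    '198.51.100.7 2026-05-12T09:03:12Z "GET /models" 500 authz="Bearer x\' UNION SELECT 1,2,3 --"',
    '198.51.100.7 2026-05-12T09:03:15Z "GET /models" 500 authz="Bearer x\'; SELECT pg_sleep(5) --"',
    '192.0.2.44 2026-05-12T09:05:40Z "GET /health" 200 authz=""',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.ip} {f.path} {f.status} {f.reason}: {f.authz!r}")
    print(summarize(scan(SAMPLE_LOG)))
```

A 500 response paired with a flagged header is worth treating as higher priority, since it can indicate the injected text reached the database layer.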
- Command Execution Vulnerability in Hikvision Switch Products
Overview:
- Authenticated remote command execution vulnerability (CVE-2026-3828) affects multiple discontinued Hikvision smart switch models.
- Caused by insufficient input validation in device firmware.
- Allows authenticated attackers to inject and execute arbitrary OS commands remotely.
- CVSS v3.1 score: 7.2 (High severity).
Impact:
- Remote attackers with valid credentials can execute arbitrary commands, compromising device confidentiality, integrity, and availability.
Affected / Fixed Versions:
- DS-3E1310P-SI: affected versions ≤ V1.2.4_210623, fixed in V1.2.5_260309.
- DS-3E1318P-SI: affected versions ≤ V1.2.0_210823, fixed in V1.2.1_260309.
- DS-3E1326P-SI: affected versions ≤ V1.2.0_210823, fixed in V1.2.1_260309.
Recommendations:
- Upgrade all affected devices to the latest fixed firmware versions immediately.
Reference links:
- https://www.hikvision.com/en/support/cybersecurity/security-advisory/command-execution-vulnerability-in-some-hikvision-switch-product/
- Multiple Vulnerabilities in cPanel & WHM
Overview:
- Three new vulnerabilities affect cPanel and Web Host Manager (WHM), allowing authenticated attackers to perform arbitrary file reads, execute arbitrary Perl code, and potentially escalate privileges or cause denial-of-service (DoS).
- CVE-2026-29202: Insufficient input validation in the “plugin” parameter of the create_user API can lead to arbitrary Perl code execution.
- CVE-2026-29203: Unsafe symlink handling allows modification of access permissions on arbitrary files, potentially causing DoS or privilege escalation.
- CVE-2026-29201: Insufficient input validation of feature file names in the adminbin call can result in arbitrary file reads.
- CVE-2026-41940: A previously disclosed critical vulnerability actively exploited to deploy Mirai variants and “Sorry” ransomware.
Impact:
- Remote code execution (RCE)
- Privilege escalation
- Denial-of-service
- Active exploitation related to previous critical vulnerability
Affected / Fixed Versions:
- Fixes are available across multiple cPanel & WHM release branches, from 11.136.0.9 and higher and 11.134.0.25 and higher down to 11.86.0.43 and higher.
- WP Squared patched from version 11.136.1.10 and higher.
Recommendations:
- Immediately update cPanel & WHM to the latest available patched version.
Reference link:
- Security Updates – React and Next.js
Overview:
- Multiple high-severity vulnerabilities disclosed in React Server Components and Next.js affecting authentication controls, middleware enforcement, server-side request handling, cache mechanisms, and cross-site scripting (XSS) protections.
Impact:
- CVE-2026-44574: Middleware/proxy bypass via dynamic route parameter injection.
- CVE-2026-44578: Server-Side Request Forgery (SSRF) in applications using WebSocket upgrades.
- CVE-2026-44581: Cross-Site Scripting (XSS) in App Router applications using Content Security Policy (CSP) nonces.
- CVE-2026-23870: Denial of Service (DoS) in Server Components.
- CVE-2026-44575: Middleware/proxy bypass in App Router applications via segment-prefetch routes.
- CVE-2026-44579: Denial of Service via connection exhaustion in applications using Cache Components.
Affected / Fixed Versions:
- Standard users should upgrade to Next.js versions 15.5.16 or 16.2.5.
- Turbopack users should upgrade to versions 15.5.18 or 16.2.6.
Recommendations:
- Upgrade Next.js immediately to the latest patched versions.
- Turbopack users should prioritize upgrading to 15.5.18 or 16.2.6.
- Update all React Server Component packages to their latest versions.
Reference links:
- https://github.com/vercel/next.js/releases/tag/v15.5.18
- https://github.com/vercel/next.js/releases/tag/v15.5.16
- 79 Chrome Vulnerabilities Patched, Including 14 Critical Ones – Update Now!
Overview:
- Google released a large security update for Chrome, addressing 79 vulnerabilities with 14 rated critical.
- Most issues are memory corruption bugs such as heap buffer overflows and use-after-free vulnerabilities in components like WebML, Skia, Blink, and others.
Impact:
- Vulnerabilities allow arbitrary code execution via malicious HTML content, risking sandbox escapes, data theft, and system compromise.
Affected / Fixed Versions:
- Chrome updated to version 148.0.7778.167/168 on Windows and Mac; version 148.0.7778.167 on Linux.
Recommendations:
- Manually update Chrome to the latest version immediately through the browser’s Help > About Google Chrome menu.
- Restart the browser to apply all patches and clear active sessions.
Reference link:
- CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
Overview:
- CISA added a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller (CVE-2026-20182) to its Known Exploited Vulnerabilities catalog.
- The vulnerability allows attackers to bypass authentication and gain administrative access.
Impact:
- Exploitation could lead to complete compromise of affected SD-WAN controllers, enabling full control over network traffic and configurations.
Affected / Fixed Versions:
- Specific affected or fixed versions were not detailed in the advisory.
Recommendations:
- Federal Civilian Executive Branch agencies must remediate the vulnerability by May 17, 2026.
- Organizations using Cisco Catalyst SD-WAN Controller should apply available patches or mitigations immediately to prevent exploitation.
Reference link:
- Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
Overview:
- A critical authentication bypass vulnerability in the Burst Statistics WordPress plugin is being actively exploited by hackers.
- The flaw allows attackers to gain admin-level access to affected WordPress websites without proper authentication.
Impact:
- Full admin privileges on compromised WordPress sites, enabling attackers to control site content, install malicious code, or launch further attacks.
Affected / Fixed Versions:
- Specific affected or fixed versions were not detailed in the report.
Recommendations:
- Immediately review installations of the Burst Statistics plugin.
- Update the plugin to the latest available version if a fix has been released.
- Temporarily disable or remove the plugin if an update is not available.
- Monitor website logs for any suspicious activity or unauthorized access attempts.
Reference link:
- Sandworm Hackers Pivot From Compromised IT Systems Toward Critical OT Assets
Overview:
- Russian state-sponsored group Sandworm (aka APT44, Seashell Blizzard, Voodoo Bear) is targeting operational technology (OT) environments after establishing footholds in IT networks.
- The campaign uses known exploits like EternalBlue, DoublePulsar, and WannaCry on systems with longstanding vulnerabilities.
- Analysis of 29 incidents across 7 countries showed Sandworm’s methodical lateral movement and focus on industrial control systems (engineering workstations, HMIs, RTUs, PLCs, IEDs).
Impact:
- Targets include critical infrastructure components controlling factories, power plants, and transportation.
- Sandworm intensifies activity after detection, increasing attack volume and scope.
- Partial detection without containment can worsen incidents; detected infections led to escalated attacks.
Recommendations:
- Treat alerts related to known exploits and attack tools as serious warnings.
- Prioritize rapid isolation of infected systems, especially those bridging IT and OT networks.
- Maintain strong cybersecurity hygiene: patch legacy vulnerabilities, remove unnecessary protocols, enforce strict IT-OT network segmentation.
- Treat engineering workstations and ICS management systems as high-value assets; limit internet exposure and monitor continuously.
- Incident response plans should expect threat actor escalation post-detection, requiring proactive containment and remediation.
Reference link:
- ‘Dirty Frag’ Exploit Poised to Blow Up on Enterprise Linux Distros
Overview:
- A new privilege escalation vulnerability affecting enterprise Linux distributions has emerged, named “Dirty Frag.”
- The exploit shares similarities with previous Linux kernel flaws such as Copy Fail and Dirty Pipe.
- Limited exploitation has been reported, indicating active threat actor interest.
Impact:
- Successful exploitation allows privilege escalation, potentially enabling attackers to gain root-level access on affected systems.
Recommendations:
- Monitor for vendor advisories addressing this vulnerability.
- Apply kernel updates and patches as they become available.
- Employ endpoint detection and response (EDR) solutions to detect exploitation attempts.
Reference link: