Veteran-Owned. Built by engineers who've actually done the work.
02 / Threat Briefs

What's on the wire, plainly told.

Carbynix publishes a brief whenever something material crosses the wire. Each is drafted by our structured-reasoning pipeline from primary sources and customer-environment telemetry. If you find an error, tell us — we'll correct it within 24 hours.

  1. CISA adds Fortinet FortiOS auth bypass to KEV — what to do this week

    An authentication bypass in FortiOS SSL-VPN was added to CISA's KEV catalog after observed exploitation. Federal agencies have 21 days to remediate. Carbynix Guardian and Fortress customers are already covered by detection rule CBNX-FORT-244.

    Severity: critical | CVE-2025-32756 | Actors: UNC-3886 (suspected) | Sectors: Federal · Healthcare · Manufacturing
  2. Okta cross-tenant token leak — what your IdP logs should show

    A logging defect in Okta's admin console briefly exposed bearer tokens between tenants. We walk through what to grep for in System Log between April 11 and April 23.

    Severity: high | CVE-2026-29104 | Sectors: SaaS · Financial Services · Law Firms
  3. A conditional-access bypass that survives password reset

    A persistent OAuth grant pattern observed across three customer tenants this week. Resetting credentials does not revoke the implant — here is the cleanup runbook.

    Severity: high | Actors: Storm-1247 | Sectors: Financial Services · Healthcare
  4. Cisco ASA / FTD pre-auth memory corruption — added to KEV

    Pre-auth RCE in the WebVPN SSL handler. We're seeing scanning from three known initial-access broker IP ranges. Patch level required: ASA 9.20.2.10, FTD 7.4.2.

    Severity: critical | CVE-2026-20114 | Actors: Initial-access brokers | Sectors: Federal · Manufacturing
  5. The MSP supply-chain shift: ransomware-as-a-vendor

    A ten-week look at how four ransomware crews are explicitly targeting MSPs as their preferred initial-access vector — and the four telemetry signals that catch it before customer environments ignite.

    Severity: medium | Actors: BlackCat (rebranded) · Akira | Sectors: MSPs · SaaS
  6. ABA Formal Opinion 512 — what it changes for AI use at law firms

    A plain-English read of ABA Formal Opinion 512, with concrete posture changes most firms will want to make to the technology section of their engagement letter.

    Severity: low | Sectors: Law Firms