Posts by Matt Jastram
Threat intel | 5 min read
Patch Tuesday: February 2026 (Expel’s version)We're highlighting three critical CVEs, and we're also sharing some thoughts around the deprecation timeline of NTLM.
Threat intel | 5 min read
Patch Tuesday: January 2026 (Expel’s version)We're highlighting five critical CVEs, and we're also recapping our vulnerability prioritization recommendations from 2025 to see how we did.
Threat intel | 5 min read
Patch Tuesday: December 2025 (Expel’s version)This month we're highlighting top critical vulnerabilities, including three zero-day and three critical remote code execution vulnerabilities.
Rapid response | 2 min read
Active exploitation notice: React2Shell critical vulnerability (CVE-2025-55182)A React2Shell critical vulnerability (CVE-2025-55182) is under active exploitation. Here's what you need to know and how to identify it.
Threat intel | 3 min read
Patch Tuesday: November 2025 (Expel’s version)This month, we're highlighting top critical vulnerabilities, including one zero-day and an update on Windows Server Update Services (WSUS).
Threat intel | 2 min read
Patch Tuesday: October 2025 (Expel’s version)This month, we're highlighting top critical vulnerabilities, including six zero-day vulnerabilities, and one in Cisco IOS.
Threat intel | 3 min read
Patch Tuesday: September 2025 (Expel’s version)This month, we're highlighting top critical vulnerabilities, including an SAP S/4HANA code injection vulnerability currently being exploited.
Threat intel | 4 min read
Patch Tuesday: August 2025 (Expel’s version)The August 2025 edition of Patch Tuesday is live, and this month we're highlighting targeted SharePoint vulnerabilities.
Rapid response | 2 min read
Update on the SharePoint ToolShell vulnerability exploitation (CVE-2025-53770)Over the weekend, a zero-day vulnerability for SharePoint 16.0.0.0 and earlier versions was targeted. Here's what you need to know.
Threat intel | 3 min read
Patch Tuesday: July 2025 (Expel’s version)The July 2025 edition of Patch Tuesday is live, and this month we're highlighting a couple of vulnerabilities in Citrix NetScaler.
Threat intel | 3 min read
Patch Tuesday: June 2025 (Expel’s version)The June 2025 edition of Patch Tuesday is live, and this month we're highlighting a handful of Ivanti critical vulnerabilities.
Threat intel | 4 min read
Patch Tuesday (Expel’s version): May 2025The May 2025 edition of Patch Tuesday is live, and this month we highlighted a SAP NetWeaver vulnerability Expel has seen recently.
Threat intel | 5 min read
Patch Tuesday (Expel’s version): April 2025The April 2025 edition of Patch Tuesday is live, and this month we included PHP vulnerability data Expel has seen recently.
SOC | 4 min read
Patch Tuesday (Expel’s version): March 2025The March 2025 edition of Patch Tuesday is live, and this month we included ColdFusion vulnerability data Expel has seen recently.
Cloud security | 9 min read
Vulnerability management for cloud environmentsVulnerability management in the cloud has its own unique challenges and strategies. Dive into the nuances and how Expel can help.
Current events | 2 min read
Patch Tuesday roundup for February 2025The February 2025 edition of Patch Tuesday is live, including 63 published CVEs from Microsoft. Here are our top takeaways.
Current events | 2 min read
Patch Tuesday roundup for January 2025The January 2025 edition of Patch Tuesday is live, including 159 published CVEs from Microsoft. Here are our top takeaways.
Current events | 2 min read
Patch Tuesday roundup for December 2024The December 2024 edition of Patch Tuesday is live, including 73 published CVEs from Microsoft. Here are our top takeaways.
Current events | 2 min read
Patch Tuesday roundup for November 2024The November 2024 edition of Patch Tuesday is live, including 89 published CVEs from Microsoft. Here are our top takeaways.
Current events | 2 min read
Patch Tuesday roundup for October 2024The October 2024 edition of Patch Tuesday is live, including 117 published CVEs from Microsoft. Here are our top takeaways.
Current events | 2 min read
Patch Tuesday roundup for September 2024The September 2024 edition of Patch Tuesday is live, including 79 published CVEs from Microsoft. Here are our top four takeaways.
Data & research | 5 min read
MDR insights: using vulnerability data to inform remediation strategiesMDR vulnerabilities data can be used with EPSS scoring and the CISA catalog to glean insights, reduce alert noise, and guide remediation.
Current events | 3 min read
A recap: Expel’s 2024 Black Hat experienceBlack Hat 2024 is over, and the big themes this year were vulnerabilities, election infrastructure, and evaluating security maturity.
Current events | 2 min read
Patch Tuesday roundup for August 2024The August 2024 edition of Patch Tuesday is live, including 53 published CVEs from Microsoft. Here are our top takeaways.
Company news | 1 min read
Black Hat 2024: Expel’s betting on black(hat)Find Expel at Black Hat 2024, booth #3009 at the Mandalay Bay Convention Center to beat the heat (from burnout and that toasty Vegas weather).
Current events | 2 min read
Patch Tuesday roundup for July 2024The July 2024 edition of Patch Tuesday is live, including 53 published CVEs from Microsoft. Here are our top takeaways.
Current events | 2 min read
Patch Tuesday roundup for June 2024The June 2024 edition of Patch Tuesday is live, including 53 published CVEs from Microsoft. Here are our top takeaways.
Current events | 1 min read
Patch Tuesday roundup for May 2024Patch Tuesday for May 2024 includes 67 published CVEs from Microsoft, and VMware joins the party with four CVEs of its own.
Company news | 2 min read
RSA Conference 2024: Community unlocks possibilityAt RSAC 2024, we're sharing what we learned and observed at this year's conference. Here's how we can achieve great outcomes together.
Company news | 2 min read
Expel returns to RSA Conference and embraces “The Art of Possible”Expel is back exhibiting at RSAC 2024, and we’re sharing the outcomes we enable that provide peace of mind and even help make PTO possible.
Current events | 2 min read
Patch Tuesday roundup for April 2024The April 2024 Patch Tuesday included 150 CVEs from Microsoft and 24 CVEs from Adobe. Here’s what our team recommends to reduce exploit risk.
Current events | 2 min read
Patch Tuesday roundup for March 2024The March 2024 Patch Tuesday included 60 CVEs from Microsoft and 68 CVEs from Apple. Here’s what our team recommends to reduce exploit risk.