Enterprise Security Intelligence

Current Enterprise Security and PKI Topics

Source-backed security, PKI, certificate, identity, and post-quantum cryptography topics selected for enterprise relevance. Articles are reviewed before publication and include source attribution.

Last editorial review: June 22, 2026

Selected CISA KEV and Enterprise-Relevant Vulnerability Items

CVE IDs sourced from CISA KEV catalog and MSRC. Federal remediation deadlines shown are historical — verify current patch status at cisa.gov.

Certificate Security Hardening Reference

Evergreen Microsoft hardening items for ADCS, Kerberos, LDAP, and CryptoAPI — sourced from MSRC advisories. Not current-month Patch Tuesday releases.

CISA Advisories — Historical Reference

Joint advisories relevant to PKI and enterprise identity. Dates reflect original CISA publication; verify current guidance at cisa.gov.

Advisory Feed
CISA KEVJun 2026

CVE-2025-47984 — Windows LDAP RCE, CVSS 9.8. Patch applied November 2025 Patch Tuesday. Verify all DCs are updated.

SpecterOpsJun 2026

ESC8 NTLM relay to ADCS Web Enrollment remains unmitigated in most enterprise environments. EPA enforcement is the fix.

MicrosoftMay 2026

Azure AD CBA strict CA enforcement deadline: August 12, 2026. Audit your trusted CA store now — see our article.

CISAMay 2026

CISA updated its ADCS hardening guidance. Key recommendation: disable Web Enrollment if not required; enable EPA if it is.

NISTApr 2026

FIPS 203, 204, 205 finalized. ML-KEM and ML-DSA are the primary PQC replacements for RSA/ECDH and ECDSA.

CA/B ForumMar 2026

Ballot SC-081 passed: TLS certificate maximum validity reduced to 47 days effective March 2026 (phased rollout through 2029).

InsecurePlanet Security Brief

Weekly digest of CISA KEV additions, Patch Tuesday highlights, and PKI advisory coverage — delivered to your inbox.

Subscribe Free