TL;DR CVE-2025-55182 is a CVSS 10 unauthenticated RCE in React Server Components (RSC/Flight). Default Next.js apps using affected RSC implementations are a key vector.[1] A public PoC was available on Dec 4, 2025, and vendors report in‑the‑wild exploitation.[1][2]...
Investigating systemic patching failures on Windows 11 24H2. At endpointX we operate patching services for a variety of organisations, from small business to large global enterprises. Recently we’ve noticed a consistent and systemic reduction in patch success rates....
endpointX sent some of the team to Tanium’s annual Converge conference in Orlando this week. It was the 9th annual Tanium conference we’ve attended showcasing the future of endpoint management and security. The conference revealed several transformative...
Patching is an integral element of vulnerability management, but too few organisations recognise the link overtly We need to talk about patching. Most organisations now have processes in place to fix the security vulnerabilities that are periodically identified in...
How quickly could your organisation respond to a previously unknown threat? If you don’t know the answer, it’s probably not quickly enough – and you may need help. Cyber security leaders know what zero-day response means in principle – an immediate and effective...
