NewIntroducing ISO360 — our all-in-one ISO compliance platform
Cybersecurity · Compliance · Cyber Risk Advisory
NewIntroducing ISO360 — ISO compliance platform

Cybersecurity, Compliance & Risk Advisory for the Digital Age

R4IM helps organizations strengthen security, achieve ISO compliance, manage cyber risk, and respond faster to emerging vulnerabilities — through practical, business-focused advisory services.

Trusted across
ISO 27001ISO 22301ITSM / ISO 20000VA / PTCloud SecurityGRC AdvisoryUAE Experience
Free Cyber Advisory Intelligence

Know what's exploited today. Act before it hits you.

Stay informed about critical vulnerabilities, actively exploited CVEs, vendor advisories, and emerging cyber risks. R4IM continuously monitors trusted public sources and simplifies the actions organizations should take.

HighCVE-2026-46323
linux · linux kernel

In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skb_gro_receive() can…

In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skb_gro_receive() can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFL_MANAGED_FRAG_REFS flag. When SKBFL_MANAGED_FRAG_REFS is set, the skb doesn't hold a reference on the pages in shinfo->frags. Appending those frags to another skb's frags without fixing up the page refcount can lead to UAF. When either the last skb in the GRO chain (the one we would append frags to) or the source skb is zerocopy, don't merge the skbs.

Updated Jul 8Remediation
HighCVE-2026-46324
linux · linux kernel

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use list_del_rcu for netlink hooks…

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use list_del_rcu for netlink hooks nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks need to use list_del_rcu(), this list can be walked by concurrent dumpers. Add a new helper and use it consistently.

Updated Jul 8Remediation
HighCVE-2026-14895
Vulnerability advisory

String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service.

String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace with s/\s*$//u. Because \s* matches greedily and the $ anchor fails whenever a non-whitespace character follows the whitespace, the regex engine retries the match at each offset of a long whitespace run, producing quadratic backtracking. The fix replaces \s*$ with \s+$. Any caller that passes untrusted input to trim or rtrim can trigger CPU exhaustion with a string containing a long run of whitespace.

Updated Jul 8Remediation
HighCVE-2026-7017
Vulnerability advisory

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets.

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, `_maybe_redirect` follows the `Location:` header and `_prepare_headers_and_cb` re-merges the caller's `headers` argument into the new request, without checking whether the redirect target shares an origin with the original URL. Caller-supplied `Authorization`, `Cookie` and `Proxy-Authorization` headers are therefore re-sent to whatever host the redirect names, across scheme, host or port boundaries, and including `https` to `http` downgrades that expose them in plaintext on the wire. The HTTP::Tiny POD note that "Authorization headers will not be included in a redirected request" applied only to the URL-userinfo Basic-auth path, not to headers passed explicitly by the caller.

Updated Jul 8Remediation
TrackedCVE-2026-49145
Vulnerability advisory

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc.

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include --files-from, so a project .ackrc can set it to a path whose listed files ack then reads and searches. Version 3.10.0 added --follow to the blocklist; --files-from remains accepted. A project .ackrc committed to an untrusted repository can make ack read files outside the project and print their matching lines.

Updated Jul 8Remediation
TrackedCVE-2026-49146
Vulnerability advisory

App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc.

App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack sized the before-context buffer to that value, so a project .ackrc setting --before-context=100000000 made ack allocate a buffer of 100 million elements. A project .ackrc committed to an untrusted repository can abort ack with an out-of-memory condition.

Updated Jul 8Remediation
New Product

Meet ISO360

The all-in-one platform to plan, implement, and sustain ISO compliance.

Built by R4IM consultants for security, quality, and business continuity teams. ISO360 streamlines controls, evidence, risk, audits, and continual improvement across ISO 27001, ISO 22301, ISO 20000, and more — in one workspace.

  • Multi-standard control library
  • Evidence & document management
  • Risk register & treatment plans
  • Internal audits & CAPAs
  • Real-time compliance dashboards
  • Team collaboration & workflows
ISO360 · Live workspace
Online
Controls
128 / 156
Open risks
7
ISO 27001 readiness82%
ISO 22301 readiness68%
ISO 20000 readiness54%
Powered by R4IM · iso360.r4im.com
Why R4IM

Practical advisory.
Audit-ready outcomes.

We work shoulder-to-shoulder with your teams to close compliance gaps, reduce cyber risk, and build security programs your auditors and your board can both trust. Two decades of UAE and global experience across ISO, cybersecurity, cloud, and GRC.

20+
Years of advisory experience
150+
Engagements delivered
ISO
27001 · 22301 · 20000 practice
UAE
Local presence, global reach
Talk to a Consultant

Get a clear next step on your cyber & compliance roadmap.

A senior R4IM advisor will reply within one business day. UAE-based teams available for on-site engagements across the region.