<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Incident-Report on CuraSec</title><link>https://curasec.metacog.co.kr/tags/incident-report/</link><description>Recent content in Incident-Report on CuraSec</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sun, 12 Jul 2026 11:56:34 +0000</lastBuildDate><atom:link href="https://curasec.metacog.co.kr/tags/incident-report/index.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2026-LGTM: Incident Report Post-Mortem</title><link>https://curasec.metacog.co.kr/insights/2026-07-12-incident-cve-2026-lgtm/</link><pubDate>Sun, 12 Jul 2026 11:56:34 +0000</pubDate><guid>https://curasec.metacog.co.kr/insights/2026-07-12-incident-cve-2026-lgtm/</guid><description>&lt;ul>
&lt;li>&lt;strong>Engineer — Learn:&lt;/strong> High HN engagement (598 points) suggests a meaningful incident post-mortem worth reviewing for design and response lessons, but no enrichment signals confirm active exploitation or a specific patch action needed now.&lt;/li>
&lt;li>&lt;strong>SOC/IR — Learn:&lt;/strong> No IOCs, TTPs, or detection surface described in available signals; read the full post-mortem to assess whether any behavioral indicators emerge from the incident timeline.&lt;/li>
&lt;li>&lt;strong>Leader — Learn:&lt;/strong> Strong community interest indicates a notable incident with potential governance lessons; review for any supply-chain or disclosure implications relevant to your risk register.&lt;/li>
&lt;/ul></description></item><item><title>Incident Report: CVE-2024-YIKES (developer post-mortem)</title><link>https://curasec.metacog.co.kr/insights/2026-07-12-incident-report-cve-2024-yikes/</link><pubDate>Sun, 12 Jul 2026 11:56:34 +0000</pubDate><guid>https://curasec.metacog.co.kr/insights/2026-07-12-incident-report-cve-2024-yikes/</guid><description>&lt;ul>
&lt;li>&lt;strong>Engineer — Learn:&lt;/strong> High community engagement (712 HN points) suggests a substantive technical incident post-mortem worth reading, but the summary contains no software names, patch targets, or affected versions — read the full post to determine if it touches systems you run.&lt;/li>
&lt;li>&lt;strong>SOC/IR — Learn:&lt;/strong> No IOCs, TTPs, or detection surface are visible in the summary; if the linked post-mortem contains campaign or exploitation details, revisit for detection value after reading.&lt;/li>
&lt;li>&lt;strong>Leader — Skip&lt;/strong>&lt;/li>
&lt;/ul></description></item></channel></rss>