Major Threats & Vulnerabilities
Zero-Day and Actively Exploited Vulnerabilities
Microsoft patched CVE-2026-21509, a zero-day vulnerability in Office exploited via malicious OLE objects. Users are strongly urged to apply the emergency update immediately.
Fortinet confirmed active exploitation of CVE-2026-24858, an authentication bypass in FortiCloud SSO that can give an attacker administrator access across tenants. Fortinet recommends disabling SSO where it is not needed and auditing administrator accounts for unexpected additions or sign-ins.
Critical Remote Code Execution and DoS Vulnerabilities
OpenSSL released emergency patches for vulnerabilities that include stack buffer overflows reachable before authentication and could lead to remote code execution. Patch all affected systems immediately.
The Python PLY library has a critical flaw (CVE-2025-56005) that allows remote code execution at application startup through unsafe pickle deserialization. The risk is heightened because the deserialization happens at startup, before the application's own security controls are in place.
Zoom patched CVE-2026-22844, a critical command injection flaw that could allow remote command execution during meetings. GitLab also addressed multiple vulnerabilities, including a denial-of-service flaw and a 2FA bypass.
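As an added illustration of why unsafe pickle deserialization is remote code execution, and of one mitigation, the following is example code written for this page, not PLY's own code: a tampered cache file is built in memory with a payload that runs code when loaded, the vulnerable loader runs it, and a restricted unpickler refuses it while still loading a legitimate, data-only cache. The cache contents and the marker attribute are constructed for the example; a real payload would name os.system or subprocess.Popen instead of builtins.exec.

```python
import builtins
import io
import pickle

# Constructed marker: the payload sets this attribute so its effect is visible in-process.
MARKER = "PICKLE_DEMO_RAN"


class MaliciousTable:
    """Constructed attacker payload: its pickled form runs code when loaded.

    pickle records the result of __reduce__ as "import this callable and call it
    with these arguments". The callable can be anything importable; here it is
    builtins.exec with a harmless statement rather than os.system.
    """

    def __reduce__(self):
        return (exec, (f"import builtins; builtins.{MARKER} = True",))


def was_executed() -> bool:
    """True once the payload has run in this process."""
    return getattr(builtins, MARKER, False)


def reset_marker() -> None:
    """Clear the marker so the demonstration can be repeated."""
    if hasattr(builtins, MARKER):
        delattr(builtins, MARKER)


def build_tampered_cache() -> bytes:
    """Constructed attacker-controlled cache bytes (not the real PLY table format)."""
    return pickle.dumps(MaliciousTable())


def build_benign_cache() -> bytes:
    """Constructed legitimate cache bytes: plain data types only."""
    return pickle.dumps({"tokens": ["NUMBER", "PLUS"], "version": 1})


def load_cache_unsafe(data: bytes):
    """Vulnerable pattern: pickle.loads() on whatever was found on disk."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve globals only from a short allow-list of builtin types.

    find_class is consulted for every GLOBAL/STACK_GLOBAL opcode, so a payload
    cannot name exec, os.system or any other callable outside the list.
    """

    SAFE_BUILTINS = frozenset({"dict", "list", "tuple", "set", "frozenset",
                               "int", "float", "str", "bytes", "bool"})

    def find_class(self, module, name):
        if module == "builtins" and name in self.SAFE_BUILTINS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve global {module}.{name}")


def load_cache_restricted(data: bytes):
    """Hardened loader: structure is rebuilt, but no foreign callable can be named."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    reset_marker()
    try:
        load_cache_restricted(build_tampered_cache())
    except pickle.UnpicklingError as exc:
        print("restricted loader:", exc, "| executed:", was_executed())
    load_cache_unsafe(build_tampered_cache())
    print("unsafe loader executed payload:", was_executed())
    print("benign cache via restricted loader:", load_cache_restricted(build_benign_cache()))
```

A restricted unpickler narrows the blast radius but is not a complete fix: the safer course is to never unpickle data an attacker could have written (regenerate tables, or store them as JSON) and to make sure cache paths are not writable by untrusted users, since the load happens before anything else in the process can object.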
Denial-of-Service and Access Control Flaws
React Server Components were found vulnerable to unauthenticated denial-of-service attacks. Patches are available; organizations should audit their exposed RSC endpoints and add rate limiting.
Cal.com access control flaws could allow account takeovers and exposure of sensitive booking data. While no exploitation has been reported, patches are recommended.
WordPress sites running the LA-Studio Element Kit plugin are exposed to a backdoor-style flaw that lets attackers create administrator accounts. More than 20,000 sites are affected.
Advanced Threats and Malware Campaigns
A Windows malware campaign uses PowerShell to disable Microsoft Defender, then deploys the Amnesia RAT and ransomware. It is distributed through archives posing as accounting documents.
Okta discovered vishing kits that bypass MFA in real time by coaching victims through the authentication prompts over the phone. The kits are now sold as a service.
Adversary-in-the-middle (AiTM) phishing campaigns are targeting energy firms using trusted SharePoint links; the proxy in the middle captures session tokens, so MFA does not stop the attacker from reusing the session.
Industry News
Major Data Breaches
ShinyHunters claimed responsibility for stealing 14 million Panera Bread customer records, raising concerns about phishing and fraud risks.
Under Armour suffered a ransomware attack that leaked 343 GB of customer data, including 72 million email addresses.
An unsecured database exposed 149 million usernames and passwords, likely harvested by infostealer malware. The data included Gmail and Facebook credentials.
Nike is investigating claims by World Leaks of a 1.4 TB internal data theft, reflecting a trend toward extortion without deploying ransomware.
Government and Corporate Developments
Google disrupted the IPIDEA residential proxy network, which routed malicious traffic through millions of consumer devices to support botnets.
Federal cyber agencies announced they will not attend RSAC 2026, raising concerns over diminished public-private collaboration.
CISA is reviewing an incident involving the alleged upload of sensitive documents to ChatGPT by its acting head.
Over 800 tech workers signed a letter urging companies to end contracts with ICE, citing ethical concerns over AI use in immigration enforcement.
Apple released broad software updates for iPhones and iPads, fixing bugs and extending certificate validity to prevent 2027 service disruptions.
Security Tips & Best Practices
Threat Intelligence and Supply Chain Security
To get more from threat intelligence, focus on feeds that cover your own industry, integrate them into SIEM/SOAR/EDR, and correlate indicators with internal telemetry so that only hits corroborated by your own logs become alerts.
For software supply chain protection, maintain SBOMs for what you build and deploy, secure CI/CD pipelines, enforce artifact signing with signature verification at deploy time, and implement runtime monitoring and patching.
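The correlation step above, as an added example rather than anything from the newsletter or a vendor product: a small feed of indicators tagged by campaign and target sector is matched against key=value log lines, and a host is alerted on only when it shows two indicators from the same campaign or one high-confidence indicator. The feed entries, log lines (RFC 5737 addresses and .test names), the organisation's sector and the scoring rule are all constructed assumptions for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

OUR_SECTOR = "energy"  # assumption: the sector this organisation belongs to


@dataclass(frozen=True)
class Indicator:
    value: str           # the observable: a domain or an IP address
    kind: str            # "domain" or "ip"
    campaign: str        # feed's name for the campaign the indicator belongs to
    sectors: frozenset   # sectors the feed says the campaign targets
    confidence: int      # 0-100 as reported by the feed


# Constructed feed; not a real vendor's data.
FEED = [
    Indicator("login-sharepoint-verify.test", "domain", "aitm-energy", frozenset({"energy"}), 90),
    Indicator("203.0.113.9", "ip", "aitm-energy", frozenset({"energy"}), 60),
    Indicator("198.51.100.77", "ip", "retail-skimmer", frozenset({"retail"}), 95),
    Indicator("cdn.shared-hoster.test", "domain", "generic-hosting",
              frozenset({"energy", "retail", "finance"}), 20),
]

# Constructed internal telemetry: DNS and proxy events in a key=value format.
LOG_LINES = [
    "2026-02-03T10:00:01Z host=ws-042 type=dns query=login-sharepoint-verify.test",
    "2026-02-03T10:00:05Z host=ws-042 type=proxy dst=203.0.113.9 bytes_out=48213",
    "2026-02-03T10:00:09Z host=ws-017 type=dns query=cdn.shared-hoster.test",
    "2026-02-03T10:01:00Z host=srv-db1 type=proxy dst=198.51.100.77 bytes_out=120",
    "2026-02-03T10:02:30Z host=ws-101 type=dns query=cdn.shared-hoster.test",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Split the timestamp off and turn the remaining key=value pairs into a dict."""
    ts, rest = line.split(" ", 1)
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = ts
    return fields


def relevant_indicators(feed, sector):
    """Step 1: keep only indicators from campaigns that target our sector."""
    return {i.value: i for i in feed if sector in i.sectors}


def observed_indicators(lines, lookup):
    """Step 2: match each event's observable (DNS query or proxy destination) to the feed."""
    hits = defaultdict(set)  # host -> set of matched Indicator
    for fields in map(parse_line, lines):
        observable = fields.get("query") or fields.get("dst")
        indicator = lookup.get(observable)
        if indicator:
            hits[fields["host"]].add(indicator)
    return hits


def corroborated_alerts(hits, min_confidence=80):
    """Step 3: alert when a host shows two indicators of one campaign, or one
    high-confidence indicator. A single low-confidence hit stays a lead, not an alert."""
    alerts = []
    for host, indicators in hits.items():
        by_campaign = defaultdict(list)
        for ind in indicators:
            by_campaign[ind.campaign].append(ind)
        for campaign, group in by_campaign.items():
            if len(group) >= 2 or max(i.confidence for i in group) >= min_confidence:
                alerts.append((host, campaign))
    return sorted(alerts)


def run(feed=FEED, lines=LOG_LINES, sector=OUR_SECTOR):
    """Full pipeline: sector filter -> telemetry match -> corroboration."""
    return corroborated_alerts(observed_indicators(lines, relevant_indicators(feed, sector)))


if __name__ == "__main__":
    print(run())                   # [('ws-042', 'aitm-energy')]
    print(run(sector="retail"))    # the retail-only indicator now matters, the energy ones do not
```

With the energy filter, the low-confidence shared-hosting domain seen on two hosts produces no alert and the retail-only indicator hit by srv-db1 is ignored; only ws-042, which touched both the phishing domain and the proxy address of the same campaign, is raised. Rerunning with sector="retail" flips that, which is the point of tying the feed to your own industry before tying it to your own logs.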
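One concrete use of an SBOM, as an added example that is not from the newsletter or any SBOM vendor: scan a CycloneDX-style document for components whose version falls inside an advisory's affected range. The SBOM and the advisory records below are constructed; the affected ranges are illustrative and deliberately not presented as the real ranges of any CVE on this page, and the component names are only there to connect the example to the libraries mentioned above.

```python
import json
import re

# Constructed CycloneDX-style SBOM (not a real project's SBOM).
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "ply", "version": "3.11", "purl": "pkg:pypi/ply@3.11"},
    {"type": "library", "name": "requests", "version": "2.32.3", "purl": "pkg:pypi/requests@2.32.3"},
    {"type": "library", "name": "react-server-dom-webpack", "version": "19.0.0",
     "purl": "pkg:npm/react-server-dom-webpack@19.0.0"}
  ]
}"""

# Constructed advisory records in OSV style: affected from `introduced` (inclusive)
# up to `fixed` (exclusive); fixed=None means no fixed release is listed.
# These ranges are illustrative only; take real ranges from OSV/NVD.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "ecosystem": "pypi", "package": "ply",
     "introduced": "0", "fixed": None},
    {"id": "ADV-EXAMPLE-2", "ecosystem": "npm", "package": "react-server-dom-webpack",
     "introduced": "19.0.0", "fixed": "19.0.1"},
    {"id": "ADV-EXAMPLE-3", "ecosystem": "pypi", "package": "requests",
     "introduced": "2.0.0", "fixed": "2.31.0"},
]


def parse_version(version: str) -> tuple:
    """Numeric-only version tuple; enough for dotted releases, not for pre-release tags."""
    return tuple(int(x) for x in re.findall(r"\d+", version))


def purl_ecosystem(purl: str) -> str:
    """'pkg:pypi/ply@3.11' -> 'pypi' (the purl type names the package ecosystem)."""
    return purl.split(":", 1)[1].split("/", 1)[0]


def is_affected(version: str, introduced: str, fixed) -> bool:
    """introduced <= version < fixed, with an open upper bound when fixed is None."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


def find_vulnerable(sbom_json: str, advisories) -> list:
    """Return one finding per (component, advisory) pair whose version is in range."""
    sbom = json.loads(sbom_json)
    index = {}
    for adv in advisories:
        index.setdefault((adv["ecosystem"], adv["package"]), []).append(adv)
    findings = []
    for comp in sbom.get("components", []):
        purl = comp.get("purl")
        if not purl:
            continue  # no purl means no reliable ecosystem; flag for manual review instead
        key = (purl_ecosystem(purl), comp["name"])
        for adv in index.get(key, []):
            if is_affected(comp["version"], adv["introduced"], adv["fixed"]):
                findings.append({"component": comp["name"], "version": comp["version"],
                                 "advisory": adv["id"], "fixed": adv["fixed"]})
    return findings


if __name__ == "__main__":
    for f in find_vulnerable(SBOM_JSON, ADVISORIES):
        fix = f["fixed"] or "no fixed release listed"
        print(f"{f['component']} {f['version']}: {f['advisory']} (fix: {fix})")
```

The ecosystem comes from the purl rather than the bare name, because the same name can exist on PyPI and npm with unrelated code. For production use replace parse_version with packaging.version (Python) or the ecosystem's own comparison rules, since pre-release and build metadata do not order numerically.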
Endpoint and Application Security
To mitigate Office zero-day risks, enable Protected View, apply the patch (or, as an interim measure, the vendor-documented registry kill switch), limit admin rights, and tighten Attack Surface Reduction (ASR) rules.
Database and Account Security
To secure databases, enforce least-privilege access, eliminate shared accounts, use segmentation, encrypt data, and monitor audit logs.
To protect online shopping accounts, use unique passwords, enable MFA, avoid suspicious links, and limit stored personal data.
Organizations are encouraged to use threat intelligence feeds, SBOM tooling, and secure CI/CD frameworks to bolster their defenses. Emergency patches from Microsoft, Cisco, Zoom, and GitLab are available and should be applied immediately to mitigate active threats.
