Today’s Briefing
CISA added CVE-2026-10520, an OS command injection flaw in Ivanti Sentry, to the Known Exploited Vulnerabilities catalog based on evidence of active exploitation. Russian APTs continue exploiting the previously patched WinRAR vulnerability CVE-2025-8088, and ShinyHunters is targeting the education sector with an Oracle PeopleSoft exploit. Microsoft issued 49 security updates today, including five critical-severity flaws affecting Windows components from HTTP.sys to the DHCP client.
Top Stories
Full brief available to subscribers
The complete operator brief — action items with patch deadlines, the vulnerability appendix and named actor activity — goes out by email each morning. Subscribe free to receive it.
Get the brief at 07:00, every weekday.
The day's UK security intelligence, read and ranked so you start informed: the stories that matter, the IOCs your SIEM needs, and the actions worth taking first.