Today’s Briefing
Google Threat Intelligence Group has disclosed UNC6508, a China-nexus actor that spent over a year inside North American academic, medical, and military research networks, compromising externally facing web applications and deploying custom malware to reach sensitive internal systems focused on artificial intelligence, cyber, medical, and national defence research. The watchlist carries three critical Apache CXF vulnerabilities today: CVE-2026-50628, an inverted IP allowlist in OAuthRequestFilter; CVE-2026-50627, missing JWT audience validation allowing token replay across resource servers; and CVE-2026-49875, XXE via unconfigured SAX parsers in endpoint reference handling.
Top Stories
Full brief available to subscribers
The complete operator brief — action items with patch deadlines, the vulnerability appendix and named actor activity — goes out by email each morning. Subscribe free to receive it.
Get the brief at 07:00, every weekday.
The day's UK security intelligence, read and ranked so you start informed: the stories that matter, the IOCs your SIEM needs, and the actions worth taking first.