Today’s Briefing
CVE-2026-20253 in Splunk Enterprise allows remote unauthenticated attackers to create arbitrary files and potentially execute code, flagged by NHS Digital as medium severity but carrying full compromise risk. Oracle's June Critical Patch Update includes six critical severity flaws in JD Edwards EnterpriseOne Tools and E-Business Suite products, all easily exploitable with network access. The NCSC CEO stated that hostile states are linked to three quarters of cyber attacks affecting UK critical infrastructure, speaking at RUSI's Annual Security Lecture. Rockwell Automation released advisories for FactoryTalk Analytics PavilionX CVE-2025-14272 and multiple vulnerabilities in FLEX I/O EtherNet/IP Adapters that could enable unauthorised access and availability loss.
Top Stories
Full brief available to subscribers
The complete operator brief — action items with patch deadlines, the vulnerability appendix and named actor activity — goes out by email each morning. Subscribe free to receive it.
Get the brief at 07:00, every weekday.
The day's UK security intelligence, read and ranked so you start informed: the stories that matter, the IOCs your SIEM needs, and the actions worth taking first.