Today’s Briefing
EclecticIQ reports an SEO poisoning campaign impersonating Gemini and Claude Code to distribute infostealers via search results. US and Canadian authorities have arrested and charged the alleged operator of the Kimwolf botnet. Apache Shiro CVE-2026-49268 permits LDAP injection via unsanitised username input in the DefaultLdapRealm class, and Apache Airflow SFTP provider CVE-2026-50203 allows path traversal when retrieving directories from a malicious SFTP server. Oracle E-Business Suite patches three critical flaws in Advanced Outbound Telephony and iSupport components, all exploitable by network attackers. Huntress has published defence evasion TTPs for The Gentlemen ransomware, which remains under watch for its BYOVD EDR-killing suite.
Top Stories
Full brief available to subscribers
The complete operator brief — action items with patch deadlines, the vulnerability appendix and named actor activity — goes out by email each morning. Subscribe free to receive it.
Get the brief at 07:00, every weekday.
The day's UK security intelligence, read and ranked so you start informed: the stories that matter, the IOCs your SIEM needs, and the actions worth taking first.