Today’s Briefing
Microsoft published an incident report documenting two separate threat actors operating simultaneously inside a single compromised environment, each deploying distinct tooling and evasion techniques that complicated attribution and detection. Kaspersky released campaign reports on Cloud Atlas, detailing new tooling and payloads observed in late 2025 and early 2026, and on a VBScript campaign distributed via WhatsApp that deploys remote monitoring and management software. Palo Alto Unit 42 published tracking on Iranian APT Screening Serpens espionage campaigns active in 2026, and Malwarebytes reported thousands of end-of-life D-Link routers now controlled by the AryStinger botnet.
Top Stories
Full brief available to subscribers
The complete operator brief — action items with patch deadlines, the vulnerability appendix and named actor activity — goes out by email each morning. Subscribe free to receive it.
Get the brief at 07:00, every weekday.
The day's UK security intelligence, read and ranked so you start informed: the stories that matter, the IOCs your SIEM needs, and the actions worth taking first.