Today’s Briefing
Mandiant reports active zero-day exploitation of CVE-2026-20245 in Cisco Catalyst SD-WAN Manager at a service provider in early 2026, marking the lead item today. CISA added two vulnerabilities to the KEV catalog: CVE-2026-12569, an unauthenticated remote code execution flaw in PTC Windchill and FlexPLM, and CVE-2026-20230, a server-side request forgery vulnerability in Cisco Unified Communications Manager allowing unauthenticated file write. NHS Digital issued CC-4801 covering CVE-2025-67038, an unauthenticated OS command injection vulnerability in Lantronix serial-to-ethernet device servers now under active exploitation. The watchlist includes critical flaws in Apache APISIX (authentication bypass in jwe-decrypt plugin), Microsoft Exchange Online (privilege escalation via missing authorisation), and Azure Active Directory (privilege escalation via improper authentication).
Top Stories
Full brief available to subscribers
The complete operator brief — action items with patch deadlines, the vulnerability appendix and named actor activity — goes out by email each morning. Subscribe free to receive it.
Get the brief at 07:00, every weekday.
The day's UK security intelligence, read and ranked so you start informed: the stories that matter, the IOCs your SIEM needs, and the actions worth taking first.