STRATQUAD
CYBER THREAT INTELLIGENCE BRIEF
Daily Brief · 26 June 2026 · 24h windowRISKHIGH
StratQuad CTI Daily Brief, 26 June 2026
Compiled from 52 monitored sources · 182 articles reviewed

Today’s Briefing

Mandiant reports active zero-day exploitation of CVE-2026-20245 in Cisco Catalyst SD-WAN Manager at a service provider in early 2026, marking the lead item today. CISA added two vulnerabilities to the KEV catalog: CVE-2026-12569, an unauthenticated remote code execution flaw in PTC Windchill and FlexPLM, and CVE-2026-20230, a server-side request forgery vulnerability in Cisco Unified Communications Manager allowing unauthenticated file write. NHS Digital issued CC-4801 covering CVE-2025-67038, an unauthenticated OS command injection vulnerability in Lantronix serial-to-ethernet device servers now under active exploitation. The watchlist includes critical flaws in Apache APISIX (authentication bypass in jwe-decrypt plugin), Microsoft Exchange Online (privilege escalation via missing authorisation), and Azure Active Directory (privilege escalation via improper authentication).

Top Stories

  1. Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager
  2. CC-4802 - FFmpeg Releases Update for Vulnerability in MagicYUV Decoder
  3. CC-4801 - Exploitation of Critical Vulnerability in Lantronix Serial-to-Ethernet Device Servers
  4. Horner Automation Cscape
  5. EVoke Systems Charging Station Management System

Full brief available to subscribers

The complete operator brief — action items with patch deadlines, the vulnerability appendix and named actor activity — goes out by email each morning. Subscribe free to receive it.

Get the brief at 07:00, every weekday.

The day's UK security intelligence, read and ranked so you start informed: the stories that matter, the IOCs your SIEM needs, and the actions worth taking first.

← All briefs