Today’s Briefing
CISA and the FBI updated their public service announcement warning that Russian Intelligence Services continue to target commercial messaging applications in phishing campaigns, the second such alert since March. Google Threat Intelligence published details of STOCKSTAY, a new intelligence collection tool attributed to Turla, while Microsoft released analysis of StealC and Amadey infostealers and the cybercrime services delivering them. The watchlist includes two critical use-after-free vulnerabilities in Chrome on Android (CVE-2026-13032 and CVE-2026-13028) rated for sandbox escape, a critical missing authorisation flaw in Exchange Online (CVE-2026-48582), and an improper authentication vulnerability in Azure Active Directory (CVE-2026-45480), all disclosed within the current patch cycle.
Top Stories
Full brief available to subscribers
The complete operator brief — action items with patch deadlines, the vulnerability appendix and named actor activity — goes out by email each morning. Subscribe free to receive it.
Get the brief at 07:00, every weekday.
The day's UK security intelligence, read and ranked so you start informed: the stories that matter, the IOCs your SIEM needs, and the actions worth taking first.