Today’s Briefing
Microsoft reports a phishing campaign running since April 2026 against hospitality organisations using fake guest complaint emails to deliver TonRAT with resilient persistence mechanisms. The FBI and CISA updated their March advisory on Russian intelligence phishing to note that operators now prioritise stealing Signal backup recovery keys for long-term account access rather than verification codes alone. Six critical CVEs published today span Chrome on Android WebGL use-after-free flaws (CVE-2026-13032, CVE-2026-13028), Microsoft Exchange Online privilege escalation (CVE-2026-48582), Azure Active Directory authentication bypass (CVE-2026-45480), and Apache APISIX vulnerabilities including authentication bypass in the jwe-decrypt plugin (CVE-2026-49230) and CSRF in cas-auth (CVE-2026-49871).
Top Stories
Full brief available to subscribers
The complete operator brief — action items with patch deadlines, the vulnerability appendix and named actor activity — goes out by email each morning. Subscribe free to receive it.
Get the brief at 07:00, every weekday.
The day's UK security intelligence, read and ranked so you start informed: the stories that matter, the IOCs your SIEM needs, and the actions worth taking first.