Today’s Briefing
CVE-2026-48558, an authentication bypass in SimpleHelp's OIDC flow that accepts identity tokens without verifying cryptographic signatures, has been added to CISA's Known Exploited Vulnerabilities catalogue following evidence of active exploitation. NHS Digital has issued a high severity alert for CVE-2026-46817 in Oracle E-Business Suite Payments, which permits unauthenticated remote takeover of the component. Microsoft removed 119 malicious Edge extensions that delivered malware hidden in images, and separate reporting describes a Chromium extension campaign using AI branding to redirect browser search traffic.
Top Stories
Full brief available to subscribers
The complete operator brief — action items with patch deadlines, the vulnerability appendix and named actor activity — goes out by email each morning. Subscribe free to receive it.
Get the brief at 07:00, every weekday.
The day's UK security intelligence, read and ranked so you start informed: the stories that matter, the IOCs your SIEM needs, and the actions worth taking first.