Today’s Briefing
CVE-2026-48558 in SimpleHelp RMM allows unauthenticated remote attackers to bypass authentication and gain full technician-level access to managed endpoints; NHS Digital issued CC-4804 yesterday and CISA added the vulnerability to the Known Exploited Vulnerabilities catalog overnight. Adobe released patches for six critical-severity flaws in ColdFusion versions 2025.9 and 2023.20, including arbitrary code execution vulnerabilities via improper input validation, path traversal, and unrestricted file upload (CVE-2026-48315, CVE-2026-48313, CVE-2026-48283, CVE-2026-48282, CVE-2026-48281, CVE-2026-48277). CISA published advisories for Delta Electronics DVP12SE PLC vulnerabilities enabling unauthenticated remote command execution and control logic modification, and for an XZ Utils flaw affecting B&R industrial automation products.
Top Stories
Full brief available to subscribers
The complete operator brief — action items with patch deadlines, the vulnerability appendix and named actor activity — goes out by email each morning. Subscribe free to receive it.
Get the brief at 07:00, every weekday.
The day's UK security intelligence, read and ranked so you start informed: the stories that matter, the IOCs your SIEM needs, and the actions worth taking first.