Today’s Briefing
CVE-2026-45659 in Microsoft SharePoint Server is under active exploitation, allowing authenticated attackers to achieve remote code execution via network access. NHS Digital has issued a CareCERT alert, and CISA has added the vulnerability to the Known Exploited Vulnerabilities catalogue. Two critical vulnerabilities in UltraVNC Repeater also warrant attention: CVE-2026-7839 exposes a hard-coded credential granting administrative control, and CVE-2026-7840 permits unauthenticated arbitrary code execution. Google Chrome 150.0.7871.46 patches six critical vulnerabilities, four of which could enable sandbox escape via crafted HTML pages, including CVE-2026-14419 in Skia and CVE-2026-14420 in Dawn.
Top Stories
Full brief available to subscribers
The complete operator brief — action items with patch deadlines, the vulnerability appendix and named actor activity — goes out by email each morning. Subscribe free to receive it.
Get the brief at 07:00, every weekday.
The day's UK security intelligence, read and ranked so you start informed: the stories that matter, the IOCs your SIEM needs, and the actions worth taking first.