Today’s Briefing
Microsoft has patched a Defender zero-day known as RoguePlanet disclosed after June Patch Tuesday, though the signal does not name a CVE or specify the vulnerability class. CISA added three KEV entries today: CVE-2026-48908 in JoomShaper SP Page Builder (unrestricted file upload) and CVE-2026-55255, both under active exploitation, plus a third not named in the extract. Separately, six critical Apache vulnerabilities appeared on the watchlist.CVE-2026-33264 in Airflow (deserialisation allowing arbitrary import), CVE-2026-53913 in Camel Keycloak (authentication bypass), CVE-2026-48205 in Camel DNS (SSRF), and CVE-2026-48204 in Camel MongoDB GridFS (improper input validation).alongside two critical Esri ArcGIS Server flaws, CVE-2026-9182 (unrestricted file upload) and CVE-2026-9181 (directory traversal). Campaign reporting includes RedWing Android spyware distributed via Telegram and an Armored Likho APT campaign using AI-generated malware, though neither appears tied to today's vulnerability disclosures.
Top Stories
Full brief available to subscribers
The complete operator brief — action items with patch deadlines, the vulnerability appendix and named actor activity — goes out by email each morning. Subscribe free to receive it.
Get the brief at 07:00, every weekday.
The day's UK security intelligence, read and ranked so you start informed: the stories that matter, the IOCs your SIEM needs, and the actions worth taking first.