STRATQUAD
CYBER THREAT INTELLIGENCE BRIEF
Daily Brief · 9 July 2026 · 24h windowRISKCRITICAL
StratQuad CTI Daily Brief, 9 July 2026
Compiled from 52 monitored sources · 290 articles reviewed

Today’s Briefing

Microsoft has patched a Defender zero-day known as RoguePlanet disclosed after June Patch Tuesday, though the signal does not name a CVE or specify the vulnerability class. CISA added three KEV entries today: CVE-2026-48908 in JoomShaper SP Page Builder (unrestricted file upload) and CVE-2026-55255, both under active exploitation, plus a third not named in the extract. Separately, six critical Apache vulnerabilities appeared on the watchlist.CVE-2026-33264 in Airflow (deserialisation allowing arbitrary import), CVE-2026-53913 in Camel Keycloak (authentication bypass), CVE-2026-48205 in Camel DNS (SSRF), and CVE-2026-48204 in Camel MongoDB GridFS (improper input validation).alongside two critical Esri ArcGIS Server flaws, CVE-2026-9182 (unrestricted file upload) and CVE-2026-9181 (directory traversal). Campaign reporting includes RedWing Android spyware distributed via Telegram and an Armored Likho APT campaign using AI-generated malware, though neither appears tied to today's vulnerability disclosures.

Top Stories

  1. Microsoft patches RoguePlanet Defender zero-day vulnerability
  2. CISA Adds Three Known Exploited Vulnerabilities to Catalog
  3. Hitachi Energy PROMOD V

Full brief available to subscribers

The complete operator brief — action items with patch deadlines, the vulnerability appendix and named actor activity — goes out by email each morning. Subscribe free to receive it.

Get the brief at 07:00, every weekday.

The day's UK security intelligence, read and ranked so you start informed: the stories that matter, the IOCs your SIEM needs, and the actions worth taking first.

← All briefs