CISA added eight new vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog during the past seven days, spanning legacy Cisco infrastructure, multiple Joomla ecosystem extensions, Adobe ColdFusion, Langflow, and Microsoft SharePoint Server. The most significant operational trend is the concentration of unauthenticated file upload vulnerabilities affecting public-facing web applications, many of which provide immediate paths to web shell deployment and remote code execution. Security, vulnerability management, and infrastructure teams should prioritise internet-facing web applications and collaboration platforms for immediate exposure validation and remediation activity.
Reading time 10 minutes
Executive TL;DR:
CISA added one new vulnerability to the Known Exploited Vulnerabilities (KEV) Catalog during the past seven days: CVE-2026-45659, affecting Microsoft SharePoint Server. The addition confirms active exploitation and elevates patching from routine maintenance to an operational priority for organisations running on-premises SharePoint infrastructure. Security, vulnerability management and infrastructure teams should identify exposed SharePoint deployments immediately, validate patch status, and prioritise remediation ahead of routine patch cycles.
Reading time 15 minutes
The UK NCSC warns that an imminent AI-driven "patch wave" will completely overwhelm traditional security update pipelines. This guide breaks down the threat mechanics and delivers a practical playbook to help teams scale automation and deploy risk-based triage before exploit windows collapse.
Reading time 5 minutes
Executive TL;DR:
» CISA’s June 2026 KEV additions target high-value enterprise consoles and infrastructure management platforms across your deployment footprint.
» Threat actors are actively chaining the new Ubiquiti flaws to gain unauthenticated root access and completely wipe local device logs.
» Prioritizing these six network-reachable flaws using combined EPSS and KEV telemetry immediately neutralizes active edge compromise vectors.
Reading time 15 minutes
COOKIE / PRIVACY POLICY: This website uses essential cookies required for basic site functionality. We also use analytics cookies to understand how the website is used. We do not use cookies for marketing or personalization, and we do not sell or share any personal data with third parties.