Security news.
Today's cybersecurity landscape is dominated by active exploitation of critical vulnerabilities, major law enforcement actions against botnets, and the evolving role of AI in both attacks and defenses. CISA has added a SharePoint RCE flaw to its KEV catalog, while a significant residential proxy network has been disrupted.
SharePoint RCE (CVE-2026-45659) Added to CISA KEV
CISA has added a high-severity Microsoft SharePoint Server remote code execution vulnerability (CVE-2026-45659) to its Known Exploited Vulnerabilities catalog due to active exploitation.
FBI Seizes NetNut Proxy Platform, Popa Botnet
The FBI, in collaboration with industry partners including Google, has seized hundreds of domains associated with NetNut, a large residential proxy service linked to the Popa botnet, significantly degrading its operations.
Ransomware Groups Exploiting Citrix Bleed 2 (CVE-2025-5777)
Threat actors, including the Anubis ransomware operation, are actively exploiting the Citrix Bleed 2 vulnerability (CVE-2025-5777) for initial access, with public PoC code available immediately after disclosure.
FortiBleed Actors Collaborating With INC, Lynx Ransomware Gangs
The actors behind the FortiBleed campaign, which gained access to thousands of Fortinet firewalls, are now monetizing this access and collaborating with the INC and Lynx ransomware groups; they are also leveraging a Nextcloud zero-day.
Apple Reverses Patch Policy to Keep Up With AI-Driven Exploits
Apple is expected to implement more compressed patching cycles as attackers increasingly leverage artificial intelligence to accelerate time to exploit, signaling a shift in its long-standing update strategy.
ConsentFix and ClickFix Attacks Hijack Microsoft 365 Accounts
New ConsentFix and ClickFix attacks are stealing Microsoft 365 tokens in seconds by using fake prompts and OAuth flows, demonstrating effective MFA bypass tactics.
AI Agent Automates Database Ransomware Attack
Sysdig researchers have identified what they believe to be the first ransomware attack executed entirely by an AI agent, dubbed JADEPUFFER, which handled initial access, credential theft, lateral movement, and database encryption.
CISA Warns of Critical Vulnerabilities in Gardyn IoT Hub
CISA has issued an advisory for Gardyn IoT Hub vulnerabilities (CVE-2026-13768, CVE-2026-55726, CVE-2026-54477) with a CVSS score of 10, allowing unauthenticated users to access and control managed devices.