Ivanti Sentry MDM Gateways Backdoored Within 48 Hours of Patch: CVSS 10.0 Pre-Auth RCE
A CVSS 10.0 pre-authentication OS command injection in Ivanti Sentry allows unauthenticated root-level code execution on MDM gateway appliances. Production instances were backdoored within 48 hours of the advisory. CISA has set a 14 June 2026 remediation deadline.
Flash Briefings
RoguePlanet: Seventh Zero-Day Dropped Hours After Patch Tuesday, Targets Microsoft Defender on Fully Patched Windows
The researcher behind the Nightmare-Eclipse exploit series has released a seventh zero-day — RoguePlanet — exploiting a race condition in Microsoft Defender to deliver SYSTEM privileges on fully patched Windows 10 and 11, hours after June Patch Tuesday closed the previous six.
CVE-2026-44963: Critical Veeam Backup RCE Gives Any Domain User a Path to Ransomware's Favourite Target
A CVSS 9.4 remote code execution flaw in Veeam Backup & Replication v12 lets any authenticated domain user execute arbitrary code on backup servers — recreating the low-barrier attack surface that ransomware groups have repeatedly weaponised in prior Veeam vulnerabilities.
Qilin Ransomware Affiliate Exploiting Authentication Bypasses Across Four VPN Platforms in Coordinated Campaign
A Qilin ransomware affiliate is systematically exploiting authentication bypass vulnerabilities across Check Point, Palo Alto Networks, Fortinet, and F5 VPN infrastructure simultaneously — with a month-long zero-day window on the Check Point flaw before any patch existed.
Deep Analysis
APT41 / Winnti / Double Dragon: China's Dual-Mandate Cyber Threat Group
APT41 operates simultaneously as a state-directed espionage actor targeting strategic industries for Beijing and a financially motivated cybercriminal enterprise — a combination unique among Chinese threat groups. A 2026 ELF cloud credential backdoor with zero VirusTotal detections is the latest evidence of the group's continued operational sophistication.
Gamaredon (Primitive Bear, Aqua Blizzard) — Russia's FSB-linked APT targeting Ukraine since 2014 — has deployed a newly modularised malware framework in 2026, using HTML smuggling and CVE-2025-8088 WinRAR exploitation for initial access. Sekoia's June 2026 analysis reveals a four-stage VBScript loader chain, Telegram-based dead drop resolvers, and five distinct payload families covering every phase of the kill chain.
APT28: Russia's GRU Hacking Unit and the Twenty-Year Campaign Against Western Democracy
APT28 — Fancy Bear, Forest Blizzard, GRU Unit 26165 — is Russia's Military Intelligence cyber arm and the most prolific nation-state attacker targeting Western governments, militaries, and democratic institutions. This deep dive covers their operational history, tradecraft, tooling, and current targeting priorities.
Commentary
The 2026 Iran Conflict and the Dawn of Cyber-Enabled Kinetic Targeting
Iran's conflict with the US and Israel in 2026 confirmed what threat analysts had long theorised: cyberspace is now inseparable from kinetic warfare. What the Iran war reveals about hybrid doctrine — and what it means for critical infrastructure operators.
The AI Patch Wave Is Already Here -- and Defenders Are Already Behind
The NCSC warned in May that AI-accelerated vulnerability discovery would create a forced correction of technical debt. One month later, Anthropic's Project Glasswing has already found over 10,000 critical vulnerabilities in open source. The bottleneck is no longer finding bugs. It's fixing them.
A joint advisory from CISA, NCSC, and ten allied nations describes how China-linked threat actors have abandoned dedicated attack infrastructure in favour of networks of compromised home routers and IoT devices. The implication for defenders is worse than it sounds.