Fresh headlines auto-curated from leading cybersecurity sources appear here — each one reviewed before publishing.
Cybersecurity intelligence, curated and contextual.
In-depth analysis, threat research and industry perspective to help you stay ahead of what's next — new CVEs, model releases and attack patterns, without the breathless coverage.
Latest from the wire · auto-updated
SharePoint RCE lands on CISA's must-patch list — the bulletin came weeks after the fix
Microsoft shipped the fix for CVE-2026-45659 in May's cumulative update but published the bulletin weeks later. CISA has confirmed active exploitation and added it to the KEV catalog — the CVSS 8.8 flaw is RCE via unsafe deserialization. On-prem SharePoint? Confirm you're on the May cumulative update.
A perfect 10.0 in SimpleHelp puts MSPs back in the supply-chain blast radius
CVE-2026-48558 scores maximum CVSS severity in SimpleHelp, an RMM tool widely used by managed service providers; exploitation is tracked via the "TaskWeaver" loader. One vulnerable MSP endpoint can fan out into every client network that MSP touches — if you outsource IT, this is the week to ask your provider directly.
JetBrains patches auth bypass and RCE across Hub, YouTrack, IntelliJ and more
A cluster of critical flaws across JetBrains' on-prem tools chains into auth bypass, account takeover and RCE — the sharpest a CVSS 9.8 from predictable account-restore codes. An IDE runs with your privileges: patch before opening untrusted repositories in any JetBrains product.
Anthropic ships Claude Sonnet 5 as the new default — agentic performance near Opus, at Sonnet pricing
Claude Sonnet 5 went live June 30 and is the new default for Free and Pro users, pitched squarely at agentic work: planning, tool use and autonomous runs at a level that used to need a pricier model. If Claude is wired into your tooling, benchmark against your own eval set before switching wholesale.