CISA AA26-194A: FSB Center 16 Exploiting Default SNMP Credentials to Exfiltrate Router Configs from Critical Infrastructure
A 19-agency joint advisory from 13 countries details how FSB Center 16 has been harvesting router configurations and credentials from critical infrastructure networks globally by exploiting default SNMP community strings and unpatched Cisco Smart Install deployments.
Flash Briefings
All briefings →CISA AA26-194A: FSB Center 16 Exploiting Default SNMP Credentials to Exfiltrate Router Configs from Critical Infrastructure
A 19-agency joint advisory from 13 countries details how FSB Center 16 has been harvesting router configurations and credentials from critical infrastructure networks globally by exploiting default SNMP community strings and unpatched Cisco Smart Install deployments.
Fortinet FortiSandbox: Three OS Injection Flaws Under Active Exploitation, CISA Orders Patch by July 19
CISA added three critical OS command injection vulnerabilities in Fortinet FortiSandbox to the KEV catalog on July 16, 2026, citing active exploitation. Federal agencies face a July 19 patch deadline; enterprise defenders running FortiSandbox on-premises, cloud, or PaaS must act immediately.
Five Eyes Alert: Russian FSB Router Campaign Targets Critical Sectors Globally
CISA, NSA, FBI, and 15 international partners have issued a joint advisory warning that Russian FSB Center 16 actors are systematically exploiting poorly configured networking devices across energy, communications, healthcare, and financial services.
Oracle EBS Payments Component Hit with CVSS 9.8 Unauthenticated RCE — CISA Sets 72-Hour Federal Deadline
CVE-2026-46817 is a CVSS 9.8 unauthenticated remote code execution flaw in Oracle E-Business Suite's Payments File Transmission component. CISA added it to the Known Exploited Vulnerabilities catalogue on July 15 with a federal patch deadline of July 18 — 72 hours from disclosure to mandatory remediation.
Deep Analysis
All analysis →Akira Ransomware: The VPN-First Playbook Behind a $244 Million Operation
Akira has become one of the most prolific ransomware operations of 2025-26 by sticking to a disciplined playbook: compromised VPN credentials, ESXi encryptors, and a short negotiation window. Here's how the group operates, who it targets, and what defenders can do about it.
Infoblox and The Hacker News disclosed in July 2026 that Lurking Lizard, a China-based financially motivated threat group, operates an industrial-scale residential proxy business sustained by trojaned installers for legitimate software. The network has processed hundreds of millions of proxy requests and is actively rented to criminal and espionage-linked operators.
Microsoft disclosed Storm-2755 in April 2026 — a financially motivated threat actor conducting adversary-in-the-middle phishing campaigns against Canadian employees to redirect payroll deposits to attacker-controlled bank accounts. The group operates without traditional malware, using stolen session tokens to bypass MFA and modify direct deposit settings in HR portals.
Commentary
All commentary →Twenty-Two Seconds: What M-Trends 2026 Says About Attacker Speed and Defender Reality
Mandiant's M-Trends 2026 report, grounded in over 500,000 hours of incident investigations, contains several findings that should recalibrate how security teams think about detection windows, initial access economics, and the real mechanics of ransomware recovery denial. The headline statistic — 22 seconds from initial access to secondary threat group handoff — isn't the most important one.
The Agentic Attack Surface: Your AI Assistant Is the New Endpoint
Enterprise AI assistants now hold privileged access to code repositories, cloud credentials, internal APIs, and production systems. Security teams are not monitoring them. This is a structural blind spot with material consequences — and it's arriving faster than most organisations realise.
The 2026 Iran Conflict and the Dawn of Cyber-Enabled Kinetic Targeting
Iran's conflict with the US and Israel in 2026 confirmed what threat analysts had long theorised: cyberspace is now inseparable from kinetic warfare. What the Iran war reveals about hybrid doctrine — and what it means for critical infrastructure operators.