Skip to content
Flash Briefing high Communicationsenergy

CISA AA26-194A: FSB Center 16 Exploiting Default SNMP Credentials to Exfiltrate Router Configs from Critical Infrastructure

A 19-agency joint advisory from 13 countries details how FSB Center 16 has been harvesting router configurations and credentials from critical infrastructure networks globally by exploiting default SNMP community strings and unpatched Cisco Smart Install deployments.

Adversary Wire · · 4 min read Read more →
All briefings →
high Communications

CISA AA26-194A: FSB Center 16 Exploiting Default SNMP Credentials to Exfiltrate Router Configs from Critical Infrastructure

A 19-agency joint advisory from 13 countries details how FSB Center 16 has been harvesting router configurations and credentials from critical infrastructure networks globally by exploiting default SNMP community strings and unpatched Cisco Smart Install deployments.

critical CNI

Fortinet FortiSandbox: Three OS Injection Flaws Under Active Exploitation, CISA Orders Patch by July 19

CISA added three critical OS command injection vulnerabilities in Fortinet FortiSandbox to the KEV catalog on July 16, 2026, citing active exploitation. Federal agencies face a July 19 patch deadline; enterprise defenders running FortiSandbox on-premises, cloud, or PaaS must act immediately.

high Communications

Five Eyes Alert: Russian FSB Router Campaign Targets Critical Sectors Globally

CISA, NSA, FBI, and 15 international partners have issued a joint advisory warning that Russian FSB Center 16 actors are systematically exploiting poorly configured networking devices across energy, communications, healthcare, and financial services.

critical Finance

Oracle EBS Payments Component Hit with CVSS 9.8 Unauthenticated RCE — CISA Sets 72-Hour Federal Deadline

CVE-2026-46817 is a CVSS 9.8 unauthenticated remote code execution flaw in Oracle E-Business Suite's Payments File Transmission component. CISA added it to the Known Exploited Vulnerabilities catalogue on July 15 with a federal patch deadline of July 18 — 72 hours from disclosure to mandatory remediation.

All analysis →
professional-servicesmanufacturing high

Akira Ransomware: The VPN-First Playbook Behind a $244 Million Operation

Akira has become one of the most prolific ransomware operations of 2025-26 by sticking to a disciplined playbook: compromised VPN credentials, ESXi encryptors, and a short negotiation window. Here's how the group operates, who it targets, and what defenders can do about it.

· 12 min read

FinanceCNI high

Lurking Lizard: How a China-Linked Cybercrime Group Built a Global Residential Proxy Network Through Fake Software

Infoblox and The Hacker News disclosed in July 2026 that Lurking Lizard, a China-based financially motivated threat group, operates an industrial-scale residential proxy business sustained by trojaned installers for legitimate software. The network has processed hundreds of millions of proxy requests and is actively rented to criminal and espionage-linked operators.

· 12 min read

Financeprofessional-services high

Storm-2755: Inside the Malware-Free Payroll Fraud Group Redirecting Canadian Salaries to Attacker Accounts

Microsoft disclosed Storm-2755 in April 2026 — a financially motivated threat actor conducting adversary-in-the-middle phishing campaigns against Canadian employees to redirect payroll deposits to attacker-controlled bank accounts. The group operates without traditional malware, using stolen session tokens to bypass MFA and modify direct deposit settings in HR portals.

· 11 min read

All commentary →
FinanceCNI

Twenty-Two Seconds: What M-Trends 2026 Says About Attacker Speed and Defender Reality

Mandiant's M-Trends 2026 report, grounded in over 500,000 hours of incident investigations, contains several findings that should recalibrate how security teams think about detection windows, initial access economics, and the real mechanics of ransomware recovery denial. The headline statistic — 22 seconds from initial access to secondary threat group handoff — isn't the most important one.

· 7 min read

technologyFinance

The Agentic Attack Surface: Your AI Assistant Is the New Endpoint

Enterprise AI assistants now hold privileged access to code repositories, cloud credentials, internal APIs, and production systems. Security teams are not monitoring them. This is a structural blind spot with material consequences — and it's arriving faster than most organisations realise.

· 8 min read

CNICommunications

The 2026 Iran Conflict and the Dawn of Cyber-Enabled Kinetic Targeting

Iran's conflict with the US and Israel in 2026 confirmed what threat analysts had long theorised: cyberspace is now inseparable from kinetic warfare. What the Iran war reveals about hybrid doctrine — and what it means for critical infrastructure operators.

· 8 min read