Cloud & Enterprise
Cloud and enterprise IT covers identity, access, SaaS, hybrid infrastructure and corporate attack surfaces. The analysis helps readers follow risks, incidents and architectural decisions relevant to complex environments.

ZDI-26-438: RCE in Rockwell Arena Simulation via DOE File, Patch Available
The ZDI-26-438 vulnerability enables remote code execution in Rockwell Automation Arena Simulation through malicious DOE files. Coordi…

ArcGIS Server Path Traversal Masqueraded as Moderate: CVSS Jumps from 7.5 to 9.8 in Two Days
Esri updated the CVE-2026-9181 record on July 8, 2026, raising the CVSS score from 7.5 to 9.8. The NVD–CNA discrepancy risked leaving…

SAP Patches CVSS 9.9 ABAP Kernel Bug: Mandatory Downtime or SAP GUI for HTML Breaks
CVE-2026-44747 is an out-of-bounds write in the SAP NetWeaver ABAP kernel with total impact on confidentiality, integrity, and availab…

Microsoft July 2026 Patch Tuesday: Record Vulnerability Volume Forces a Reckoning
Microsoft's July 2026 Patch Tuesday delivers a record-breaking number of vulnerabilities. Two zero-days are already under active explo…

FortiBleed: 75,000 Firewalls at Risk from Stolen Credentials, Not a Zero-Day
FortiBleed hits already-patched FortiGate devices: credentials stolen in prior incidents enable administrative access without exploiti…

LVM: Weeks of Blackout After Ransomware Hits System Unpatched for Two Years
Latvia's state-owned forestry company Latvijas valsts meži (LVM) remains paralyzed weeks after a June 22 ransomware attack. Roughly tw…

AssuranceAmerica: 7 Million Driver's Licenses Exposed, No Credit Monitoring Offered
A single compromised employee account opened access to nearly 7 million driver's license numbers. AssuranceAmerica is not offering cre…

Agentic AI: A Lone Attacker Compromises Enterprise AWS in 72 Hours
Sygnia documents the first operational case of a lone threat actor using AI-assisted workflows to compress an enterprise AWS attack fr…

GhostLock: 15-Year Linux Kernel Bug Now Publicly Exploitable, Guarantees Root
CVE-2026-43499 enables root escalation and container escape on nearly every Linux distribution since 2011. Nebula Security published t…

Gartner: By 2028, 60% of Enterprises Will Drop Annual Pentesting for Continuous Validation
Gartner formalizes the COST framework for continuous vulnerability validation. Exploit time has compressed to under 10 hours, and 53%…

Accenture Confirms Data Breach: 35 GB of Data Up for Sale by Threat Actor '888'
Accenture has confirmed a security breach after threat actor '888' listed 35 GB of allegedly stolen data for sale on a cybercrime foru…

CAI Worm Kills Rival Cloud Malware, Steals Credentials
The CAI cloud-native worm eliminates TeamPCP and PCPJack processes to monopolize compromised hosts, marking an escalation in criminal…