Cloud & Enterprise
Cloud and enterprise IT covers identity, access, SaaS, hybrid infrastructure and corporate attack surfaces. The analysis helps readers follow risks, incidents and architectural decisions relevant to complex environments.

Januscape: 16-Year-Old KVM Bug Enables Guest-to-Host Escape on Intel and AMD
CVE-2026-53359 strikes the shared shadow MMU code in Linux KVM used by both Intel and AMD. The flaw has existed since 2010 and require…

Elastic Automates CVE Advisory Writing with RAG on MITRE Data
Elastic Security Labs has put into production an AI pipeline that generates complete CVE advisory drafts with CWE, CAPEC, and CVSS, gr…

CVE-2026-9787: RCE in Quest NetVault Backup with SYSTEM Execution
A vulnerability in the NVBULogDaemon component of Quest NetVault Backup enables remote code execution with authentication bypass. The…

FortiBleed Fuels INC and Lynx: One Operator Serving Two Ransomware Clients
SOCRadar has documented the link between FortiBleed and the INC and Lynx ransomware groups. A single operator accessed the negotiation…

ToddyCat's Umbrij Malware Steals Gmail OAuth Tokens by Abusing Enterprise Browsers
The Umbrij malware automates OAuth 2.0 token theft via the Chrome DevTools Protocol, bypassing passwords and MFA on corporate Gmail ac…

Cisco Confirms: Unified CM SSRF Exploited, 48-Hour Window from PoC to Attacks
Cisco confirmed on July 1, 2026, that CVE-2026-20230, an SSRF vulnerability in Unified Communications Manager, is under active in-the-…

FortiBleed, the Missing Link: From 430,000 Targeted Firewalls to INC and Lynx Ransomware
SOCRadar ties the FortiBleed credential theft campaign to the INC and Lynx ransomware groups, revealing a single operator managing bot…

ZDI-26-377: XSS in NetVault Backup Enables Auth Bypass and SYSTEM RCE Chain
An XSS flaw in the viewclient page of Quest NetVault Backup lets a remote attacker bypass authentication and, when chained with other…

ScreenConnect Abused to Deliver AsyncRAT via 90+ Spoofed Freeware Domains
Kaspersky MDR uncovered a large-scale campaign that weaponizes the legitimate remote-access tool ScreenConnect to deploy AsyncRAT thro…

Citrix Patches Six NetScaler Flaws: The Trap Is Manual
Citrix released patches on June 30, 2026 for six vulnerabilities in NetScaler ADC and NetScaler Gateway, including a new CitrixBleed i…

Phantom Squatting: When AI Generates Your Next Supply-Chain Threat
Unit 42 documents a novel attack vector: adversaries proactively register domains hallucinated by LLMs to intercept traffic from AI-in…

Langflow RCE Exploited for Miner Worm: 19-Day Campaign
CVE-2026-33017: Commodity operators exploit exposed AI endpoints to deploy Lambsys, an SSH worm that compromises entire enterprise inf…