We Caught the SharePoint Exploit Before Microsoft Warned About It. We Still Can't Get a Meeting with Glasswing.
This morning, before my second coffee, we ran a hunt-protect-publish loop on a live CVE. CVE-2026-32201, SharePoint Server, being actively targeted as of today. We pulled the proof-of-concept off GitHub, extracted the specific attack paths the exploit hits, ingested the detection rules into our corpus, and had a post out with the exact paths defenders need to block — all in under twenty minutes. The WP Maps Pro plugin exploit that is also hitting sites today? We had that one
Patrick Duggan
44 minutes ago · 3 min read


SharePoint CVE-2026-32201 Is Being Actively Targeted. Here Are the Paths to Watch.
Microsoft is warning that CVE-2026-32201, an improper input validation flaw in SharePoint Server, is being actively targeted. The vulnerability allows an unauthenticated attacker to spoof trusted content or interfaces over a network, affecting SharePoint Subscription Edition and SharePoint Server 2016 Enterprise. The technical surface is narrow enough to be actionable. A proof-of-concept published in April identified two specific layout paths as the attack vectors: the notify
Patrick Duggan
1 hour ago · 2 min read


The WordPress Exploit Hitting Sites Today? We Had the Detection Rules on May 30.
This morning's headline: CVE-2026-8732, a critical flaw in the WP Maps Pro WordPress plugin, CVSS 9.8, is under active exploitation. Unauthenticated attackers are using it to mint rogue administrator accounts and take over sites. If you run that plugin, you are being attacked right now. We have had the detection rules since May 30. Three days early. Here is the receipt, with timestamps. Our exploit harvester, which sweeps GitHub on a six-hour cycle, picked up three separate p
Patrick Duggan
1 hour ago · 2 min read


Cisco's AI Moment: Can the Networking Giant Reclaim the Center of the AI Infrastructure Stack?
AI is redefining networking at both ends, and Cisco is spending like a company that knows it. At one end is the fabric. The new Silicon One G300 is built to power gigawatt-scale AI clusters for training, inference, and real-time agentic workloads, and Cisco just raised its expected hyperscaler AI-infrastructure orders for fiscal 2026 to nine billion dollars, up from five. Hypershield runs security enforcement on a smart switch without adding latency. Nexus One correlates netw
Patrick Duggan
12 hours ago · 3 min read


The Dev-Tooling Supply Chain Is the Soft Surface Now: Nx, Mini Shai-Hulud, and Megalodon in One Month
We have been saying it for months: the hard perimeter holds, and the soft surfaces bleed. May 2026 made the case for us in one ugly stretch, and the soft surface this time was the developer's own toolbox. Not the firewall. Not the VPN. The IDE extension, the npm install, the CI workflow that everybody trusts because everybody uses it. Start with the GitHub breach that CISA flagged on May 28. Attackers used a prior compromise of Nx developer systems to poison a third-party VS
Patrick Duggan
1 day ago · 2 min read


Iran Dressed an Espionage Op as 'Chaos' Ransomware. We Were Already Watching the Domains.
Rapid7 published an intrusion this week that they attribute to MuddyWater, the unit affiliated with Iran's Ministry of Intelligence and Security, wearing a ransomware costume. The credit for the analysis is theirs, and it is good work. The entry point was social engineering over a Microsoft Teams screen share. From there: credential harvesting, MFA manipulation, and a quiet transition to operating through legitimate accounts. No file-encrypting ransomware ever dropped. It was
Patrick Duggan
1 day ago · 2 min read


ShinyHunters Says 340 Million OnlyFans Records. The Number Is the Leverage, Not the Breach.
The headline writes itself, and that is exactly the trap. Over the weekend ShinyHunters claimed a 340-million-record OnlyFans haul, a number engineered for screenshots rather than scrutiny. We have had a ShinyHunters adversary profile on file since May 23, and we wrote up their May spree, Charter, Carnival, Vimeo, 7-Eleven, and Instructure, when it was the dominant criminal pool of the month. This is the same crew, and the pattern is the same: the count is the weapon. Here is
Patrick Duggan
1 day ago · 2 min read