Skip to main content

Cyber Threat Intelligence

Weekly threat briefings and advisories from the SOClogix Security Operations Center.

Looking for guides, best practices, and how-tos? Browse the full SOClogix blog.

Read the Blog
Weekly Threat Awareness Report | July 9, 2026
CriticalJul 9, 2026

Weekly Threat Awareness Report | July 9, 2026

A critical Fortinet FortiWeb path-traversal authentication bypass in the CISA KEV catalog (CVE-2025-64446, CVSS 9.8), a Windows .LNK UI-spoofing RCE actively exploited by APT3, Lazarus Group, and Mustang Panda (CVE-2025-9491), and a SharePoint deserialization RCE (CVE-2026-26114, CVSS 8.8) - plus the China-linked WP-SHELLSTORM webshell brokerage and Sysdig's 'Jade Puffer', the first documented AI agentic ransomware. Includes this week's Top Mentioned CVEs chart.

Read full report
Weekly Threat Awareness Report | July 2, 2026
CriticalJul 2, 2026

Weekly Threat Awareness Report | July 2, 2026

Three actively-exploited Microsoft flaws - an Exchange Server SSRF privilege escalation (CVE-2026-45504, CVSS 8.8), an Excel out-of-bounds read RCE (CVE-2025-60727), and a Defender security-feature bypass (CVE-2024-20671) - plus the Gentlemen (Storm-2697) GentleKiller EDR-killer framework and a WhatsApp-borne VBScript campaign that silently installs ManageEngine RMM. Includes this week's Top Mentioned CVEs chart.

Read full report
Weekly Threat Awareness Report | June 25, 2026
CriticalJun 25, 2026

Weekly Threat Awareness Report | June 25, 2026

The Fortinet 'Fortibleed' mega-leak of ~73,000 firewalls and VPNs, an actively exploited SharePoint code-injection flaw added to CISA KEV (CVE-2025-49704), a Microsoft Teams information disclosure vulnerability (CVE-2026-21535), the carried-over SharePoint deserialization RCE (CVE-2026-45659), and the PAN-OS GlobalProtect authentication bypass under active exploitation (CVE-2026-0257). Includes this week's threat intelligence mindmap.

Read full report
Weekly Threat Awareness Report | June 18, 2026
CriticalJun 18, 2026

Weekly Threat Awareness Report | June 18, 2026

The 'RoguePlanet' elevation-of-privilege flaw in Microsoft Defender's Malware Protection Engine (CVE-2026-50656, no patch yet), the PAN-OS GlobalProtect authentication bypass (CVE-2026-0257, CVSS 9.1), the Cisco Catalyst SD-WAN CVSS 10.0 unauthenticated auth bypass (CVE-2026-20127), and the Fortinet 'Fortibleed' 73K firewall and VPN credential leak.

Read full report
Weekly Threat Awareness Report | June 11, 2026
CriticalJun 11, 2026

Weekly Threat Awareness Report | June 11, 2026

Microsoft SharePoint authenticated RCE (CVSS 8.8), the Windows 'YellowKey' security feature bypass (SVRS 81), Exchange Server XSS under active exploitation, the UAT-8616 Cisco SD-WAN CVSS 10.0 campaign under CISA Emergency Directive 26-03, and the TeamPCP GitHub internal breach via a poisoned VS Code extension.

Read full report
Weekly Threat Awareness Report | June 4, 2026
CriticalJun 4, 2026

Weekly Threat Awareness Report | June 4, 2026

Critical Fortinet FortiClientEMS auth bypass (CVSS 9.8, actively exploited), Microsoft SharePoint RCE (CVSS 8.8), Exchange XSS under active exploitation, TeamPCP GitHub breach via poisoned VS Code extension, and Cisco SD-WAN CVSS 10.0 campaign by UAT-8616.

Read full report
Cyber Threat Intel - Monday | February 23, 2026
CriticalFeb 23, 2026

Cyber Threat Intel - Monday | February 23, 2026

Critical OS command injection in Fortinet FortiSIEM (CVSS 9.8) hands attackers control of the security monitoring stack itself. VMware vCenter heap-overflow still actively exploited. Microsoft Office security bypass with public PoC code listed in CISA KEV. CrashFix Python RAT campaign delivers ModeloRAT via fake browser extensions.

Read full report
Cyber Threat Analysis - August 18, 2025
CriticalAug 18, 2025

Cyber Threat Analysis - August 18, 2025

Microsoft's August Patch Tuesday addressed 107+ vulnerabilities including a Windows Kerberos zero-day (CVE-2025-53779) with 13 Critical flaws. WinRAR zero-day (CVE-2025-8088) under active exploitation by RomCom/Storm-0978. Active exploitation warnings for N-able N-central and Citrix NetScaler.

Read full report
Cyber Threat Intel - Monday | July 28, 2025
CriticalJul 28, 2025

Cyber Threat Intel - Monday | July 28, 2025

Multiple Chinese-linked threat groups exploiting SharePoint zero-days to deploy ransomware. Aeroflot disrupted by coordinated cyberattack wiping 7,000 servers and stealing 20TB of data. AI-powered deepfake scams reach unprecedented scale with $20M stolen in a single incident.

Read full report
CVE-2025-53770: "ToolShell" RCE Hits On-Prem SharePoint Servers
CriticalJul 21, 2025

CVE-2025-53770: "ToolShell" RCE Hits On-Prem SharePoint Servers

A critical remote code execution vulnerability (CVSS 9.8) targeting on-premises Microsoft SharePoint allows unauthenticated network-based code execution via deserialization. Added to CISA's Known Exploited Vulnerabilities catalog. Affects SharePoint Server 2016, 2019, and Subscription Edition.

Read full report

Subscribe to Weekly Threat Reports

Get the latest threat intelligence delivered to your inbox every week.

Subscribe Now

Get Intelligence Tailored to Your Industry

Talk to our team about integrating SOClogix threat intelligence into your security program - weekly briefings and real-time alerting on active campaigns.