Network Solutions, Inc.

Network Solutions, Inc.

Share

Contact us: http://www.nsi1.com 888.247.0900 Follow us on Twitter http://twitter.com/NSIguy Subs

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation 07/06/2026

LinkedIn CISA added CVE-2026-45659 to its Known Exploited Vulnerabilities catalog this week — a SharePoint Server deserialization flaw (CVSS 8.8) that lets an authenticated attacker with only Site Member permissions execute code remotely, no admin rights needed. Microsoft patched it in May 2026 for SharePoint Server Subscription Edition, 2019, and Enterprise Server 2016, but active exploitation has now been confirmed. Federal agencies have until July 4 to remediate. Worth noting: SharePoint has been a repeat target this year, including ransomware actor Storm-2603, which Microsoft recently found operating alongside a second, unrelated threat actor in the same compromised environment. Patch now if you haven't.

Twitter/X CISA just added CVE-2026-45659 to its KEV catalog — a SharePoint RCE (CVSS 8.8) exploitable by any authenticated user with basic Site Member access. Patched in May, actively exploited now. FCEB deadline: July 4. If you run on-prem SharePoint, check this today:

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation CISA added CVE-2026-45659 SharePoint Server RCE to KEV following confirmed exploitation, requiring U.S. agencies to patch by July 4, 2026.

AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android 07/03/2026

AI did not just help write malware here—it helped invent a new in‑browser ransomware path, without a local payload or root access. A single broad prompt plus a phishing page and File System Access API was enough.

As you embed AI and rely on Chromium-based browsers, how are you revisiting permissions, phishing defenses, and browser security today?

AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android Uses Chromium’s File System Access API after user permission to encrypt files without a native payload or reported in-the-wild abuse

VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer 07/03/2026

Trusted platform. Signed component. Hidden malware chain. VeilDrop is a strong reminder that attackers do not always rely on obviously suspicious infrastructure to reach users and endpoints. That is why web, email, identity, and endpoint defenses need to work together.

If this activity touched your environment, would your team see the full chain fast enough?

VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer Securonix says PureLogs infection starts with a fake PDF JavaScript file and uses PowerShell, fileless .NET loading, and LOLBins.

Want your business to be the top-listed Computer & Electronics Service in Granger?
Click here to claim your Sponsored Listing.

Telephone

Address


12190 Adams Road
Granger, IN
46530

Opening Hours

Monday 8am - 5pm
Tuesday 8am - 5pm
Wednesday 8am - 5pm
Thursday 8am - 5pm
Friday 8am - 5pm