Weekly Cyber Briefing 17.07.2026

Weekly Cyber Update: 10 July 2026

A new campaign threatens vulnerable content management systems; Progress Software patches a zero-day; Microsoft issues a record patch haul; and Russia’s FSB is targeting routers again.

The Cyber Threat Intelligence Briefing is a weekly round-up of the latest cybersecurity news, trends and indicators, curated by our CISO, Nick Harris. Here’s our pick of the top stories, and why you should care.


Australian security agency warns of global CMS campaign

The Australian Cyber Security Centre (ACSC) has warned SMBs of a global threat campaign targeting vulnerabilities in popular content management systems (CMS). The ACSC said many SMBs in Australia have already been impacted. Threat actors are scanning for 18 vulnerabilities across roughly the same number of CMS products to plant webshells on them.

Why it matters

Webshells could enable remote access and control for web defacement, credential theft, and malware planting. The ACSC warned it could also provide attackers with a pathway for broader network compromise. It said the campaign could have been aided by automated, AI-powered scanning and exploitation.

Assured’s recommended action

Review the affected products and inspect your CMS for webshells. Isolate any infected servers and audit authentication and network logging for malicious events and network connections. Investigate logs and hosts for evidence of persistence, lateral movement or other malicious activity. Patch vulnerable systems and restore compromised websites from a recent known-good backup.


Progress Software patches zero-day bug that led to shutdown

Progress Software has patched a high-severity zero-day vulnerability which forced the file-sharing software specialist to shut down its servers last week. The firm explained that the path traversal vulnerability affects all 5.x and 6.x versions of ShareFile Storage Zone Controller. This is the customer-managed Windows Server product that handles file transfers between the cloud platform and customers’ on-premises environment.

Why it matters

Although Progress claims no customers have been breached this time, it’s another reminder of the challenges of supply chain risk management. Progress Software’s MOVEit software was hijacked in 2023 in a massive supply chain data extortion campaign which impacted nearly 3,000 corporate clients and tens of millions of downstream customers.

Assured’s recommended action

Patch Storage Zone Controller affected versions (5.x and 6.x) in line with vendor guidance. Review logs and account activity for any unusual patterns indicating a potential compromise. Review incident response/business continuity plans to improve resilience and readiness in the event of a future shutdown.


Microsoft’s mammoth Patch Tuesday a sign of things to come

Microsoft released security updates for a record-breaking 570 vulnerabilities in its July Patch Tuesday. This included 254 elevation of privilege vulnerabilities, 145 remote code execution (RCE) bugs, and 102 information disclosure flaws. Fifty-nine were rated critical, of which most (48) were RCE flaws.

Why it matters

Microsoft warned customers last week to expect more frequent security updates in the future, as it continues to hone its use of agentic AI to find vulnerabilities. Adobe has also responded to the impact of frontier AI on vulnerability discovery by moving to a twice-monthly patch release cycle. This could put extra strain on organisations already struggling with patch management.

Assured’s recommended action

Move to an automated, risk-based patch management process which triages and prioritises CVEs based on criticality of systems, likelihood of compromise, and potential impact.


NCSC and allies call out Russia for router exploitation campaign

The NCSC, alongside 18 agencies from 12 countries, has published a joint advisory attributing an ongoing global campaign to Russia’s FSB Centre 16 (also known as Berserk Bear, Energetic Bear, and Ghost Blizzard). The advisory was published on the same day the UK government sanctioned 24 individuals and entities linked to Russian cyber and hybrid operations. It formally attributed the December 2025 attack on Poland’s electricity grid, which the NCSC said could have cut power to 500,000 people, to the same FSB unit.

Why it matters

The tradecraft used in the campaign is almost embarrassingly low-tech, which makes it particularly dangerous. Centre 16 is scanning the internet for routers and network devices still using default or weak Simple Network Management Protocol (SNMP) credentials. These were widely deployed in the 1990s and are still running on several enterprise edge devices. Once they find a vulnerable device, the attackers use it as a beachhead for possible cyber espionage or operational sabotage. The advisory also references exploitation of Cisco’s Smart Install (SMI) feature and web portal vulnerabilities on Cisco devices. The sectors most at risk are communications, defence, energy, financial services, government, and healthcare.

Assured’s recommended action

Upgrade to SNMPv3, disable legacy SNMP versions, set strong unique device passwords, and restrict management plane access. Read the full technical advisory on the NSA website for more mitigations.

 

Latest articles

Be an insider. Sign up now!