Get Free Access
CTI WEEKLY · Every SUNDAY NIGHT
Get Nightwatch
Sunday, July 12, 2026
Microsoft Defender escalates privileges while global content management platforms deploy completely unsolicited webshells.
July 12, 2026
Severity
July 5, 2026
Adversaries spent their holiday weekend reviewing your unpatched SharePoint servers and Defender logs
June 28, 2026
Your edge, your business applications, and a quarter century of code just called to negotiate.
June 21, 2026
Microsoft patched 200 vulnerabilities; the internet responded by adding three more.
June 14, 2026
Threat actors spent the week turning backup platforms, cloud databases, and core edge gateways into personal playgrounds.
June 7, 2026
Nation-states got destructive, open source got poisoned, and SolarWinds reminded everyone it still exists.
May 31, 2026
Syndicates turned build pipelines into credential buffets while zero day exploits burned through unpatched perimeters.
May 24, 2026
Trusted tools auditioned as access brokers while AI sped up vulnerability discovery to machine speed.
May 17, 2026
Your firewall, your learning platform, and your supplier all got the memo. You may not have.
May 10, 2026
Your firewall had root-level visitors, your disk image tool was a Trojan horse, Iran was cosplaying as ransomware, and cPanel gave attackers a master key to 44,000 servers. Busy week.
May 3, 2026
Three exploited CVEs, four CISA deadlines, and one very bad patch hygiene habit collide at once.
April 26, 2026
Twelve CISA KEV entries in five days. One CVSS 9.9 in active ransomware chains. One hundred and eight browser backdoors in the official store.
April 19, 2026
Storm-1175 timed ransomware deployment to lunch breaks, and Microsoft needed 165 patches to say sorry.
April 12, 2026
Attackers finally read the docs.
April 5, 2026
Nation-states attended your conferences, your inbox, and your water supply. Busy week