
February 17, 2026

Weekly Threat Round-Up: Critical Apple flaw, eBPF rootkit & more


Threat round-up

Stay ahead of emerging cyber threats with expert insights from Field Effect’s cybersecurity analysts.

The Threat Round-up is a weekly intelligence report that summarizes the most important threats, vulnerabilities, and active attack campaigns observed over the past seven days.

Each brief links to a detailed analysis, offering actionable guidance to help security teams mitigate risk, detect malicious activity, and strengthen defenses.

This week’s curated collection shines a spotlight on the BRICKSTORM campaign, the latest on the React Server Components RCE vulnerability, and more.

Apple addresses a critical flaw exploited in targeted attacks

Apple patched a critical flaw, CVE-2026-20700, which had been used in targeted attacks against outdated OS versions and allowed attackers to escalate an existing foothold to system-level code execution. Timely updates are essential, especially since several legacy OS branches still lack backported fixes.


Fortinet fixes a critical flaw in FortiClientEMS

Fortinet disclosed a critical vulnerability (CVE-2026-21643) in FortiClientEMS 7.4.4 that allows unauthenticated remote code execution via the web interface. The flaw carries a CVSS score of 9.1, and exposed management servers should be upgraded to 7.4.5 or later immediately.


February 2026 Microsoft updates include six exploited flaws

Microsoft’s February 2026 Patch Tuesday addresses 59 vulnerabilities, including six confirmed exploited in the wild. The flaws enable SmartScreen bypass, legacy MSHTML abuse, privilege escalation to SYSTEM, and local denial of service, often requiring user interaction or existing access. Active exploitation and elevation-of-privilege risk make rapid patching across Windows and Office environments a priority.


BeyondTrust addresses critical pre-auth RCE vulnerability

BeyondTrust disclosed a critical pre-auth RCE vulnerability (CVE-2026-1731) affecting Remote Support and Privileged Remote Access. The command injection flaw allows unauthenticated attackers to execute OS-level commands with elevated privileges. While no active exploitation is confirmed, the CVSS 9.9 rating makes exposed systems a high-risk target requiring immediate patching.


Global espionage operation employs eBPF rootkit targeting Linux systems

A global espionage campaign tracked as TGR-STA-1030 is targeting government and critical infrastructure across 37 countries. The group gains access via phishing and vulnerable internet-facing systems, then deploys obfuscated web shells and a custom eBPF rootkit on Linux to maintain stealthy, kernel-level persistence. The group's use of Go-based C2 frameworks and leased VPS infrastructure enables long-term access while evading traditional detection.



Subscribe to the Field Effect Threat Round-up Newsletter

Join thousands of cybersecurity professionals and MSPs who trust Field Effect’s Threat Round-up Newsletter for the latest cyber threat intelligence. Delivered every Monday morning, it brings you the week’s most important new flaws, patches, and security news right to your inbox.

Signing up to the newsletter makes you the first to know about:

  • Comprehensive threat intelligence: Updates on the latest threat actors, vulnerabilities, and campaigns, including observed tactics, techniques, and procedures (TTPs).
  • Expert analysis and context: Field Effect’s analysts break down the impact of critical flaws and emerging campaigns, helping you understand evolving threat behaviors.
  • Actionable defense guidance: Receive practical security steps, patching tips, and indicators of compromise (IOCs) to strengthen your defenses and stay one step ahead.
  • Exclusive research: Explore in-depth investigations from Field Effect's analysts, uncovering new threat campaigns, indicators of compromise, and attacker behaviors as they emerge.



Meet the Authors: Field Effect Security Intel Team

Our team is composed of seasoned cybersecurity investigators, analysts, and researchers with deep experience across both public and private sectors. Collectively, they bring expertise in malware, data analytics, threat hunting, external threat discovery, insider threat investigations, and intelligence reporting.

Before joining Field Effect, many of our analysts served in senior roles across national security, defense, and law enforcement. Their work has been recognized for advancing threat intelligence, strengthening incident response, and safeguarding vital systems against emerging threats.

Today, that same expertise powers Field Effect’s intelligence operations, transforming deep technical insights into actionable guidance that helps organizations stay secure in an evolving threat landscape.