Stay ahead of emerging cyber threats with expert insights from Field Effect’s cybersecurity analysts.
The Threat Round-up is a weekly intelligence report that summarizes the most important threats, vulnerabilities, and active attack campaigns observed over the past seven days.
Each brief links to a detailed analysis, offering actionable guidance to help security teams mitigate risk, detect malicious activity, and strengthen defenses.
This week’s curated collection shines a spotlight on the BRICKSTORM campaign, the latest on the React Server Components RCE vulnerability, and more.
Apple patched a critical flaw, CVE‑2026‑20700, which had been used in targeted attacks against outdated OS versions and allowed attackers to escalate an existing foothold to system‑level code execution. Timely updates are essential, especially since several legacy OS branches still lack backported fixes.
Fortinet disclosed a critical vulnerability (CVE-2026-21643) in FortiClientEMS 7.4.4 that allows unauthenticated remote code execution via the web interface. With a CVSS score of 9.1, exposed management servers should be upgraded to 7.4.5 or later immediately.
Microsoft’s February 2026 Patch Tuesday addresses 59 vulnerabilities, including six confirmed exploited in the wild. The flaws enable SmartScreen bypass, legacy MSHTML abuse, privilege escalation to SYSTEM, and local denial of service, often requiring user interaction or existing access. Active exploitation and elevation-of-privilege risk make rapid patching across Windows and Office environments a priority.
BeyondTrust disclosed a critical pre-auth RCE vulnerability (CVE-2026-1731) affecting Remote Support and Privileged Remote Access. The command injection flaw allows unauthenticated attackers to execute OS-level commands with elevated privileges. While no active exploitation is confirmed, the CVSS 9.9 rating makes exposed systems a high-risk target requiring immediate patching.
A global espionage campaign tracked as TGR-STA-1030 is targeting government and critical infrastructure across 37 countries. The group gains access via phishing and vulnerable internet-facing systems, then deploys obfuscated web shells and a custom eBPF rootkit on Linux to maintain stealthy, kernel-level persistence. The group's use of Go-based C2 frameworks and leased VPS infrastructure enables long-term access while evading traditional detection.
Join thousands of cybersecurity professionals and MSPs who trust Field Effect’s Threat Round-up Newsletter for the latest cyber threat intelligence. Delivered every Monday morning, it brings you the week’s most important new flaws, patches, and security news right to your inbox.
Signing up to the newsletter makes you the first to know about: