Daily Threat Intelligence Brief - July 6, 2026
CISA adds SharePoint RCE CVE-2026-45659 to KEV after active exploitation despite a 'less likely' rating; Cisco Catalyst SD-WAN CVE-2026-20182 (CVSS 10.0) exploited by UAT-8616 to steal admin access; Chrome V8 zero-day CVE-2026-11645 and Linux kernel ptrace flaw CVE-2026-46333 expose credentials; prompt injection holds OWASP LLM01 with 50 to 84 percent success as 83 percent of orgs rush agentic AI and only 29 percent feel ready.
The Operator's Take
The through-line today is not any single CVE, it is credential theft as the terminal objective across every layer of the stack. Cisco's SD-WAN bug hands an attacker the ability to write their own SSH key into a privileged account, the new Linux kernel ptrace flaw lets an unprivileged user read root-owned SSH host keys and the shadow file, and BusySnake Stealer's whole job is harvesting session cookies and OTP codes from power-grid operators. Different entry points, identical prize: durable, trusted access that survives the patch. The second lesson is a governance one. Microsoft rated the SharePoint RCE "exploitation less likely," and CISA just added it to KEV anyway, which is the second time this year a vendor's optimistic exploitability score aged badly within weeks. Stop treating "less likely" as a scheduling permission. This week, do two things you probably deferred: rotate any SSH keys and service credentials that touched an internet-facing appliance since May, and pull your patch prioritization off vendor exploitability labels and onto KEV plus real telemetry. The AI story rhymes with the infrastructure one, prompt injection is now the credential-theft vector for agents, and the same "we will deploy faster than we can secure" pattern that created the SD-WAN exposure is being repeated at machine speed with agentic tool access.
Executive Summary
- CISA added Microsoft SharePoint RCE CVE-2026-45659 (CVSS 8.8) to the KEV catalog after confirming active exploitation, with a federal patch deadline of July 4, 2026, despite Microsoft's earlier "exploitation less likely" assessment. The Hacker News, BleepingComputer
- Cisco Catalyst SD-WAN Controller CVE-2026-20182 (CVSS 10.0) remains under active exploitation by threat cluster UAT-8616, which abuses the flaw to inject SSH keys and escalate toward root on SD-WAN fabric controllers. Cisco Talos, Rapid7
- Chrome V8 zero-day CVE-2026-11645 (CVSS 8.8), the fifth Chrome zero-day of 2026, is exploited in the wild and sits on the KEV catalog; patch to 149.0.7827.102/.103. Help Net Security
- Linux kernel ptrace flaw CVE-2026-46333 lets an unprivileged local user read root-owned SSH private keys and the shadow database via a logic error in
__ptrace_may_access(). CloudLinux - Prompt injection holds the OWASP LLM01 top rank in 2026 with reported attack success rates of 50 to 84 percent, while 83 percent of organizations plan to deploy agentic AI and only 29 percent feel ready to do so securely. Cisco State of AI Security 2026 via Kunal Ganglani
- A new APT is targeting electric power operators in Russia, Kazakhstan, and Brazil with the Python-based BusySnake Stealer, harvesting credentials, OTP codes, and Telegram sessions and opening reverse SSH tunnels. TechTimes
- Ford Motor Company was listed by the Krybit ransomware group and Calgary manufacturer Chemco was hit by Qilin, amid a July breach wave that also named INC_RANSOM, ANUBIS, and Bashe victims. TechCrunch, SharkStriker
- Adversary breakout time now averages 72 minutes, a fourfold reduction from prior-year figures, and CrowdStrike documented an 89 percent increase in AI-enabled attacks. The Security Bench
Critical Vulnerabilities
CVE-2026-45659: Microsoft SharePoint Server Deserialization RCE
A remote code execution flaw (CVSS 8.8) arising from deserialization of untrusted data in SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. Microsoft patched it in May 2026, but any authenticated user with a minimum of Site Member permissions can trigger it, no admin rights required, and attack complexity is low. CISA added it to the KEV catalog on evidence of active exploitation and set a July 4, 2026 remediation deadline for federal agencies. Notably, Microsoft had originally tagged the bug "exploitation less likely." The Hacker News, The Register, SecurityWeek
Action: Patch all SharePoint on-prem instances immediately. Audit for anomalous authenticated activity from low-privilege accounts and review server-side logs for deserialization payloads.
CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass
A maximum-severity authentication bypass (CVSS 10.0) affecting the Cisco Catalyst SD-WAN Controller (formerly vSmart), Manager, and Validator. The flaw lives in the vdaemon service over DTLS (UDP port 12346), the same service previously hit by CVE-2026-20127. A remote, unauthenticated attacker can become an authenticated peer and perform privileged operations, including injecting an attacker-controlled public key into the vmanage-admin user's authorized SSH keys. Cisco Talos tracks active exploitation with high confidence under cluster UAT-8616, which attempted to add SSH keys, modify NETCONF configurations, and escalate to root. There are no workarounds. Cisco Talos, Rapid7, Help Net Security
Action: Apply Cisco's fixed releases now. Restrict DTLS/UDP 12346 exposure, audit authorized_keys on all SD-WAN appliances, and review NETCONF change history for unauthorized configuration edits.
CVE-2026-11645: Google Chrome V8 Out-of-Bounds Memory Access
A high-severity out-of-bounds read and write in V8 (CVSS 8.8), Chrome's JavaScript and WebAssembly engine, allowing a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Google confirmed an exploit exists in the wild, and CISA added it to KEV on June 9, 2026. This is the fifth Chrome zero-day exploited in 2026, following CVE-2026-2441, CVE-2026-3909, CVE-2026-3910, and CVE-2026-5281. Fixed in Stable builds 149.0.7827.102/.103 for Windows and Mac and 149.0.7827.102 for Linux. Help Net Security, The Hacker News
Action: Force browser updates fleet-wide. Chrome zero-days are a favored initial-access vector, so treat browser patch latency as a critical-path metric, not a background task.
CVE-2026-46333: Linux Kernel ptrace Access-Check Flaw
A critical Linux kernel vulnerability in the ptrace access-check path stemming from a logic error in __ptrace_may_access(). An unprivileged local user can read root-owned secrets, including SSH host private keys and the shadow password database, without directly obtaining root. Researchers demonstrated exploitation against privileged processes such as ssh-keysign, pkexec, and accounts-daemon, enabling full system compromise. It affects Debian, Ubuntu, and Fedora among others. CloudLinux, NPAV, Red Hat
Action: Apply the kernel patch (upstream commit 31e62c2ebbfd) or a livepatch. Interim mitigation: remove the SUID bit from /usr/libexec/openssh/ssh-keysign and /usr/bin/chage. Rotate SSH host keys on any host where local access is shared.
CVE-2026-55654: OpenSSH GSSAPI Denial of Service
A denial-of-service flaw in the OpenSSH GSSAPI authentication module that can crash the SSH authentication process. Lower urgency than the RCE and credential-theft bugs above, but worth folding into the same patch cycle for internet-facing bastions. Update OpenSSH to version 10.3 or later. OnLive Server
Action: Include in your next maintenance window for exposed SSH endpoints; not a fire drill, but do not let it linger.
AI Security Threats
AI and agentic security is no longer a forward-looking category, it is a live exploitation surface. Prompt injection holds the number one rank in the OWASP Top 10 for LLM Applications in 2026 (LLM01), with reported attack success rates between 50 and 84 percent in red team exercises against production deployments, and a documented 340 percent year-over-year rise in attacks. Vectra AI, Kunal Ganglani
The agentic angle is where risk compounds. Per the Cisco State of AI Security 2026 report, 83 percent of organizations plan to deploy agentic AI, but only 29 percent feel ready to do so securely. Agent tool-input injection remains the highest-impact unsolved category, succeeding 84 percent of the time in lab tests. Under the OWASP Top 10 for Agentic Applications 2026, what was once a single manipulated output can now hijack an agent's planning loop, execute privileged tool calls, persist malicious instructions in memory, and propagate across connected systems. This is why MCP security and agentic red teaming belong in every AI deployment review, not just the model layer. Kunal Ganglani, OWASP via Christian Schneider
Real-world exploits are catching up to the theory. Critical CVEs in Microsoft Copilot (CVSS 9.3), GitHub Copilot (CVSS 9.6), and Cursor IDE (CVSS 9.8) demonstrate active production exploitation across 2025 and 2026, and Axis Intelligence reproduced 47 confirmed attack vectors across six production-deployed LLMs between January and July 2026. No complete fix exists: even frontier models from Anthropic, OpenAI, and Google remain vulnerable after their best defenses are applied, which makes defense in depth the only viable strategy. OpenAI's own February 2026 "Lockdown Mode" launch conceded that prompt injection in AI browsers "may never be fully patched." Axis Intelligence, AI Magicx
On the offensive side, adversaries are operationalizing AI in malware development. Check Point documented the KONNI group adopting AI to generate PowerShell backdoors, and CrowdStrike's Global Threat Report 2026 recorded an 89 percent increase in AI-enabled attacks. The takeaway for defenders: the same tooling accelerating your builds is accelerating your adversary's, and the gap between "we can deploy an agent" and "we can secure an agent" is exactly where 2026's breaches will cluster. Check Point Research
| AI security metric | Value | Source |
|---|---|---|
| Prompt injection OWASP rank | LLM01 (number one) | Kunal Ganglani |
| Prompt injection success rate | 50 to 84 percent | Vectra AI |
| Prompt injection YoY increase | 340 percent | AI Magicx |
| Orgs planning agentic AI | 83 percent | Cisco State of AI Security 2026 |
| Orgs ready to secure it | 29 percent | Cisco State of AI Security 2026 |
| Agent tool-input injection success | 84 percent | Kunal Ganglani |
| AI-enabled attack increase (CrowdStrike) | 89 percent | The Security Bench |
Threat Actor Activity
Nation-state and organized espionage activity intensified through late June and into July, per Intel 471's July intelligence update, with a common focus on government agencies and critical infrastructure. Industrial Cyber
| Threat actor | Target | Tooling / TTP | Source |
|---|---|---|---|
| UAT-8616 | Cisco SD-WAN fabric operators | CVE-2026-20182 exploitation, SSH key injection, NETCONF tampering | Cisco Talos |
| Silver Fox APT | Taiwan government and tech | Spear-phishing, Gh0stCringe and HoldingHands RATs, IP theft | Industrial Cyber |
| Armored Likho | Gov and power operators in Russia, Kazakhstan, Brazil | Cyber-espionage, BusySnake Stealer | Industrial Cyber |
| KONNI | Software developers | AI-generated PowerShell backdoors | Check Point Research |
BusySnake Stealer, first documented by Kaspersky in July 2026, is a Python-based infostealer delivered via spear-phishing with NSIS droppers or malicious LNK shortcuts abusing the patched Windows flaw CVE-2025-9491. It steals Chromium and Firefox passwords, session cookies and OTP codes, Telegram session data, and scans for cryptocurrency wallets, then opens reverse SSH tunnels for remote access. It is obfuscated with PyArmor Pro 9.2.0 to frustrate dynamic analysis. The 2026 benchmark for adversary breakout time is now 72 minutes from foothold to exfiltration, a fourfold reduction from prior-year averages, which collapses the window defenders have to detect and contain. TechTimes, The Security Bench
Ransomware & Data Breaches
The July breach cadence continued the year's upward trend, with multiple victims disclosed or listed on leak sites in the first week. 2026 has already surpassed 2025 in breach volume. TechCrunch, SharkStriker
| Victim | Sector | Threat group | Status | Source |
|---|---|---|---|---|
| Ford Motor Company | Automotive | Krybit | Listed on leak forum, scope under investigation | SharkStriker |
| Chemco (Calgary) | Manufacturing | Qilin | Confirmed ransomware attack | SharkStriker |
| Carvalima Transportes | Logistics | INC_RANSOM | Disclosed July 3, 2026 | Breachsense |
| City of Acworth, GA | Government | ANUBIS | Disclosed July 3, 2026 | Breachsense |
| Estrutural Zortéa | Construction | Bashe | Disclosed July 3, 2026 | Breachsense |
| Ferrum Group | Industrial | INC_RANSOM | Disclosed July 3, 2026 | Breachsense |
The pattern to watch is the convergence of credential-theft malware (BusySnake), auth-bypass appliance bugs (Cisco SD-WAN), and low-privilege RCE (SharePoint) feeding the same ransomware operations. Attackers are increasingly using AI-enabled tooling and advanced social engineering that evade sophisticated defenses, per breach analysts tracking the July wave. SharkStriker, BlackFog
Recommended Actions
Immediate (0 to 72 hours)
- Patch CVE-2026-45659 (SharePoint) and CVE-2026-20182 (Cisco SD-WAN) now. Both are actively exploited and both were on the July 4 federal deadline. Audit
authorized_keysand NETCONF change logs on SD-WAN appliances for unauthorized entries. Cisco Talos - Force Chrome updates to 149.0.7827.102/.103 to close the in-the-wild V8 zero-day CVE-2026-11645. Help Net Security
- Rotate SSH keys and service credentials on any internet-facing appliance or shared Linux host touched since May, given the credential-theft focus of CVE-2026-20182 and CVE-2026-46333. CloudLinux
Short-Term (1 to 4 weeks)
- Deploy the Linux kernel patch for CVE-2026-46333 across Debian, Ubuntu, and Fedora fleets, or apply the SUID mitigation on
ssh-keysignandchagein the interim. Red Hat - Re-baseline patch prioritization on CISA KEV plus telemetry, not vendor exploitability ratings. The SharePoint "less likely" miss is a reminder that vendor scores are inputs, not verdicts. The Register
- Hunt for infostealer indicators consistent with BusySnake: unexpected reverse SSH tunnels, Telegram session access, and Chromium/Firefox credential store reads, especially in energy and government environments. TechTimes
- Fold OpenSSH CVE-2026-55654 (GSSAPI DoS) into the next maintenance window by updating to 10.3 or later. OnLive Server
Strategic (1 quarter and beyond)
- Treat agentic AI deployments as a first-class attack surface. Require agentic red teaming and tool-input injection testing before any agent gets privileged tool access, and assume no complete fix for prompt injection exists. See krypteiasec.com/glossary for prompt injection, MCP security, and agentic red teaming references. Christian Schneider
- Close the deploy-versus-secure gap on AI. With 83 percent of orgs deploying agentic AI and only 29 percent ready to secure it, make security readiness a gating criterion for agent rollout, not a follow-on. Kunal Ganglani
- Compress detection-to-containment against a 72-minute breakout benchmark. Invest in identity-centric detection (anomalous SSH key additions, OTP replay, session-cookie reuse) since credential theft is the common terminal objective across today's infrastructure and AI threats. The Security Bench
Sources
- CISA: Microsoft SharePoint RCE flaw now actively exploited (BleepingComputer)
- SharePoint RCE CVE-2026-45659 Added to CISA KEV (The Hacker News)
- Microsoft said exploitation was 'less likely' but CISA added SharePoint RCE to KEV (The Register)
- CISA Warns of Actively Exploited SharePoint Vulnerability (SecurityWeek)
- Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities (Cisco Talos)
- CVE-2026-20182 Critical Auth Bypass (Rapid7)
- Cisco patches actively exploited SD-WAN zero-day (Help Net Security)
- Google patches Chrome zero-day CVE-2026-11645 (Help Net Security)
- Chrome V8 Zero-Day CVE-2026-11645 (The Hacker News)
- Linux kernel ptrace CVE-2026-46333 mitigation (CloudLinux)
- CVE-2026-46333 (Red Hat)
- Critical Linux Kernel Vulnerability CVE-2026-46333 (NPAV)
- CVE-2026-55654 OpenSSH DoS (OnLive Server)
- Prompt Injection in 2026: Still OWASP's Number One (Kunal Ganglani)
- Prompt injection types and enterprise defenses (Vectra AI)
- AI Model Vulnerability Tracker 2026 (Axis Intelligence)
- From LLM to agentic AI: prompt injection got worse (Christian Schneider)
- Prompt Injection Attacks AI Agent Security Guide 2026 (AI Magicx)
- KONNI Adopts AI to Generate PowerShell Backdoors (Check Point Research)
- Global cyber threat campaigns escalate, Intel 471 (Industrial Cyber)
- New APT Group Hits Power Grids with AI-Crafted Malware (TechTimes)
- APTs in 2026: Nation-State Tactics (The Security Bench)
- July 2026 Data Breaches (SharkStriker)
- Recent Data Breaches (Breachsense)
- The worst hacks and breaches of 2026 so far (TechCrunch)
- The State of Ransomware 2026 (BlackFog)
- Known Exploited Vulnerabilities Catalog (CISA)