Cyber Roundup — Week of June 29

Here are the five main stories you missed last week.

1. Microsoft SharePoint: CVE-2026-45659 added to CISA KEV as Storm-2603 deploys Warlock ransomware

The headline: CISA added CVE-2026-45659 to its Known Exploited Vulnerabilities catalog on July 2 with a federal remediation deadline of July 4, citing active exploitation of the CVSS 8.8 remote code execution flaw in Microsoft SharePoint Server. The vulnerability, which affects SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Server 2016, allows any authenticated attacker with Site Member permissions to execute code remotely through deserialization of untrusted data. Microsoft’s Incident Response team confirmed that Storm-2603, a threat actor deploying Warlock ransomware, was behind active exploitation. Investigators also found a second, completely separate threat actor operating simultaneously inside the same victim network using DLL side-loading and custom backdoors, making attribution harder and incident response significantly more complex. CybelAngel published a full breakdown of CVE-2026-45659 including what organizations need to know and how to prioritize remediation.

What we’re actually watching: Two unrelated attackers in the same network at the same time is not a coincidence. It is what happens when a widely deployed platform gets a public exploit. The first attacker through the door does not change the locks.

Storm-2603 has been exploiting on-premises SharePoint vulnerabilities since mid-2025. The group’s playbook is consistent: exploit a known SharePoint flaw for initial access, escalate privileges by creating new local and domain administrator accounts, use a vulnerable driver to tamper with endpoint security, and then deploy Warlock ransomware. The pattern is documented. Organizations running unpatched on-premises SharePoint have had months to act and many have not.

The second attacker’s simultaneous presence explains why Microsoft’s Incident Response team described the intrusion as creating “overlapping activity streams” that “enabled sustained access while masking the full scope of the intrusion.” When two threat actors share the same compromised environment, defenders face conflicting indicators, contradictory timelines, and evidence that does not cohere into a single attack chain. Standard incident response assumes one attacker. This case required two parallel investigations running simultaneously.

The CISO question: If your organization runs on-premises SharePoint, do you know when it was last patched, whether Site Member or higher permissions are granted to any external or unverified users, and whether your incident response procedures account for simultaneous multi-actor compromise scenarios?

2. Linux: Bad Epoll CVE-2026-46242 gives any unprivileged user root access on desktops, servers, and Android

The headline: Security researcher Jaeyoung Chung disclosed CVE-2026-46242, a use-after-free vulnerability in the Linux kernel’s epoll subsystem, on July 1. Any local unprivileged user can exploit the flaw to gain full root access on affected Linux desktops, servers, and Android devices. A working proof-of-concept was published alongside the disclosure. A patch is available. The bug sits in the same section of kernel code where Anthropic’s Mythos AI model recently identified a separate vulnerability, meaning the same code region has now produced two exploitable flaws within weeks of each other.

What we’re actually watching: A working local privilege escalation exploit for Linux and Android published with a proof-of-concept means the window between disclosure and active exploitation is measured in days, not weeks. Every unpatched Linux server with any form of user access is now a root escalation away from full compromise.

Epoll is a core Linux feature used by virtually every networked application to monitor multiple connections simultaneously. It cannot be disabled without breaking the applications that depend on it. The use-after-free condition occurs when two kernel threads attempt to free the same internal object simultaneously, allowing an attacker to write controlled data into freed memory and redirect execution. The proof-of-concept demonstrates reliable exploitation across multiple kernel versions without requiring elevated starting privileges.

The AI angle is not incidental. Mythos identified a different bug in the same epoll code region, which means automated AI-powered vulnerability research is systematically analyzing specific high-value kernel subsystems rather than scanning broadly. When AI tools identify one bug in a code region, they often surface related bugs nearby. Bad Epoll’s proximity to the Mythos-found flaw suggests the epoll subsystem contains additional undisclosed vulnerabilities that researchers and threat actors are currently analyzing.

The CISO question: For your organization’s Linux server fleet and Android device estate, do you have a patching process that can respond to publicly disclosed kernel vulnerabilities with working proof-of-concept exploits within 48 hours, before automated exploitation tools integrate the new technique?

3. SimpleHelp: CVE-2026-48558 exploited to deploy two previously unseen malware families

The headline: Threat actors exploited CVE-2026-48558, a CVSS 10.0 authentication bypass in SimpleHelp’s OpenID Connect flow, to deploy two previously undocumented malware families: TaskWeaver and Djinn Stealer. The vulnerability allows unauthenticated attackers to bypass authentication entirely by manipulating the OIDC flow. SimpleHelp is a remote support and access platform used by managed service providers and IT teams to remotely manage endpoints. Active exploitation was confirmed on June 30.

What we’re actually watching: Remote support tools have become a primary target for initial access. When attackers compromise the platform IT teams use to manage endpoints, they inherit access to every device those teams can reach.

TaskWeaver and Djinn Stealer being previously undocumented means they were developed specifically for this campaign and have no existing detection signatures. Security tools cannot detect malware they have never encountered. The use of custom, purpose-built malware against a newly disclosed CVSS 10.0 vulnerability indicates a threat actor that had prior knowledge of the vulnerability or developed the tools in anticipation of the disclosure, rather than a criminal group opportunistically adapting existing tools after the CVE was published.

SimpleHelp’s deployment model amplifies the blast radius. MSPs and IT teams use SimpleHelp to access endpoints across dozens or hundreds of organizations from a single platform. An attacker who compromises a SimpleHelp instance inherits the platform’s access to every managed endpoint. This is not a single-organization breach. It is a potential multi-tenant compromise of every organization whose endpoints are managed through the affected SimpleHelp installation.

The CISO question: If your organization uses remote support or endpoint management tools like SimpleHelp, do you know which external parties have access to those tools, what endpoints they can reach, and whether those platforms are patched against authentication bypass vulnerabilities that could give attackers the same access as your IT team?

4. Oracle: E-Business Suite CVE-2026-46817 actively exploited with CVSS 9.8 payment module takeover

The headline: CVE-2026-46817, a CVSS 9.8 improper privilege management and authentication flaw in Oracle E-Business Suite’s Payments module, came under active exploitation in the wild on June 30. The vulnerability allows unauthenticated attackers to take over susceptible Oracle Payments instances. Oracle E-Business Suite is widely deployed across enterprise finance, procurement, and supply chain operations. The vulnerability was disclosed by Defused Cyber, which confirmed active exploitation in the wild.

What we’re actually watching: Oracle Payments handles financial transactions, vendor disbursements, and payment processing for enterprise organizations. Unauthenticated takeover of a payment module is not a data exposure. It is direct financial system access.

Oracle E-Business Suite environments are often not subject to the same rapid patching cycles as internet-facing web applications because organizations treat them as internal systems with limited external exposure. This assumption is incorrect. Oracle EBS instances are frequently accessible from internal networks by a large number of users, and in many environments, they are reachable via VPN or direct internet exposure for remote finance teams. The authentication flaw does not require any user interaction or prior access, making it exploitable by any attacker who can reach the application.

The Payments module specifically processes outbound financial transactions. An attacker with control of this module can redirect payments, create fraudulent disbursements, modify vendor banking details, or extract transaction data that maps an organization’s financial relationships and payment patterns. This is the combination of access and impact that makes CVE-2026-46817 a priority for any organization running Oracle EBS regardless of their standard patch timeline.

The CISO question: Does your organization treat Oracle E-Business Suite as an internal system with a standard patch cycle, or do you apply emergency patching timelines to EBS vulnerabilities that allow unauthenticated access to payment processing modules?

5. Microsoft: Poisoned MCP tool descriptions turn AI agents into silent data exfiltration tools

The headline: Microsoft published research on June 30 showing that attackers can hijack AI agents by poisoning the tool descriptions those agents read to understand what actions to take. A malicious tool description can instruct an AI agent to quietly hand over company data to an external destination without the agent breaking any rules or triggering any standard security alert. Every step the agent takes looks routine because the agent is following instructions written in a format it trusts completely.

What we’re actually watching: AI agents do not evaluate the intent of instructions. They evaluate whether instructions are syntactically valid and within their permission scope. A poisoned tool description that stays within permission scope will execute without question. The agent never knows it is doing something wrong because it is not doing anything outside its defined boundaries.

The attack requires no code injection, no vulnerability exploitation, and no elevated permissions. An attacker who can influence a tool description that an AI agent reads has full control over that agent’s actions within its permission scope. For agents connected to email, file systems, code repositories, or communication platforms, that permission scope includes data that organizations assume is protected by standard access controls.

This pattern connects directly to the broader MCP ecosystem risk. As more enterprise tools publish MCP integrations and AI agents gain access to organizational systems, the tool description attack surface grows. CybelAngel’s Google Dorks for OSINT guide covers how security teams can use search operators to map their own external exposure, including discovering which organizational assets and integrations are visible to external actors before attackers find them first.

The CISO question: For every AI agent deployed in your organization, do you have a process for auditing the tool descriptions those agents consume, verifying that MCP integrations do not expose tool description endpoints to unauthorized modification, and detecting when agents take unexpected data access actions that fall within their permission scope but outside normal operational patterns?

The pattern across all five stories

Every system that got hit this week was working exactly as designed. Attackers just understood it better than the defenders did.

SharePoint executed code from a Site Member. A Linux kernel use-after-free handed root to any unprivileged user. SimpleHelp’s OIDC flow granted access to anyone who knew how to ask. Oracle processed unauthenticated payment requests. An AI agent followed instructions without questioning who wrote them.

No zero-days. No exotic techniques. Five critical flaws, all patched, all exploited before most teams had finished reading the advisory.

CybelAngel scans your external attack surface the way attackers do. We find what is exposed before they do.

Sobre el autor