Daily Digest

Microsoft Scrambles to Patch 'RoguePlanet' Defender Zero-Day as DragonForce Ransomware Abuses Teams for Stealth Attacks

Microsoft Scrambles to Patch 'RoguePlanet' Defender Zero-Day as DragonForce Ransomware Abuses Teams for Stealth Attacks

June 18, 2026
11 articles (8 new, 3 updated)
33 min read

Summary

This week in cybersecurity, Microsoft confirmed a critical zero-day vulnerability in its own Defender antivirus, dubbed 'RoguePlanet,' with a public exploit forcing an urgent patch. Meanwhile, the DragonForce ransomware group demonstrated sophisticated new tactics, hiding its command-and-control traffic within legitimate Microsoft Teams infrastructure to evade detection for months. Other major developments include a massive $4.175 billion investment by Accenture into OT security by acquiring Dragos, runZero, and NetRise; the rapid rise of INC Ransomware into a top-tier threat; and a stark warning from the UK's NCSC that 75% of attacks on critical infrastructure are state-sponsored.

Filter by Category

New Articles (8)

Accenture Bets $4.175B on OT Security, Acquiring Dragos, runZero, and NetRise

INFORMATIONAL

Accenture Announces $4.175B Acquisition of Dragos, runZero, and NetRise to Dominate OT Cybersecurity Market

Accenture is making a monumental $4.175 billion investment to secure a leading position in the operational technology (OT) security market. The consulting giant is acquiring a majority stake in OT threat intelligence leader Dragos, while fully acquiring asset discovery firm runZero and firmware security specialist NetRise. The move aims to create a comprehensive, end-to-end platform to defend critical infrastructure against escalating cyber threats.

June 18, 2026
5 min read
AccentureDragosrunZeroNetRiseOT Security +3 more
Accenture Bets $4.175B on OT Security, Acquiring Dragos, runZero, and NetRise

INC Ransomware Skyrockets to Top-Tier Threat, Claiming Over 830 Victims

HIGH

INC Ransomware Emerges as a Dominant RaaS Threat in 2026, Exploiting Proven TTPs to Compromise 830+ Organizations

The INC ransomware-as-a-service (RaaS) group has rapidly become one of 2026's most prolific threats, claiming over 830 victims since August 2023. Capitalizing on the downfall of rivals like LockBit and BlackCat, INC has scaled its operations by attracting skilled affiliates and focusing on reliable, high-volume attack methods rather than novel exploits. The group's Rust-based encryptor and targeting of sectors like healthcare and manufacturing have cemented its status as a major cybercrime operation.

June 18, 2026
5 min read
INC RansomwareRaaSLockBitBlackCatCybercrime +3 more
INC Ransomware Skyrockets to Top-Tier Threat, Claiming Over 830 Victims

UK NCSC: Hostile States Behind 75% of Attacks on Critical Infrastructure

HIGH

NCSC Chief Warns Hostile States are Behind Three-Quarters of Attacks on UK Critical National Infrastructure

The head of the UK's National Cyber Security Centre (NCSC) has issued a stark warning, revealing that hostile state actors are believed to be responsible for 75% of the 200+ cyber incidents targeting the nation's critical infrastructure in the past year. NCSC CEO Richard Horne urged a fundamental shift in mindset, calling on organizations to treat cybersecurity not as a risk to be managed, but as a continuous 'contest' against capable adversaries like Russia, China, and Iran.

June 18, 2026
5 min read
NCSCUKCritical InfrastructureState-SponsoredAPT +3 more
UK NCSC: Hostile States Behind 75% of Attacks on Critical Infrastructure

Cisco Patches Critical RCE Flaw (CVE-2026-20181) in ISE with 9.1 CVSS Score

CRITICAL

Cisco Patches Critical Remote Command Execution Vulnerability in Identity Services Engine (ISE)

Cisco has released urgent security updates for its Identity Services Engine (ISE) to fix a critical vulnerability, CVE-2026-20181, with a CVSS score of 9.1. The flaw could allow a remote, authenticated administrator to execute arbitrary commands with root privileges on the underlying operating system. A second high-severity information disclosure flaw, CVE-2026-20190, was also addressed. Customers are urged to apply the patches immediately as there are no workarounds.

June 18, 2026
5 min read
CiscoCisco ISECVE-2026-20181CVE-2026-20190RCE +3 more
Cisco Patches Critical RCE Flaw (CVE-2026-20181) in ISE with 9.1 CVSS Score

Attacks on Legacy Systems Hit 77% of UK Utility Companies, Report Finds

HIGH

77% of UK Utilities Suffered Cyber Attacks on Legacy OT Systems in Past Year

A new report from cybersecurity firm Bridewell reveals a troubling trend in the UK's critical infrastructure sector: 77% of utility companies have experienced cyber attacks targeting their legacy equipment and outdated operational technology (OT) in the last 12 months. These incidents are causing significant operational disruption, with nearly half of the affected organizations reporting IT outages, highlighting the urgent need to secure aging industrial control systems.

June 18, 2026
4 min read
UtilitiesUKLegacy SystemsOT SecurityICS +2 more
Attacks on Legacy Systems Hit 77% of UK Utility Companies, Report Finds

Kodak Confirms Data Breach After ShinyHunters Threatens to Leak 2.2M Records

HIGH

Kodak Acknowledges Security Breach as ShinyHunters Extortion Group Claims Theft of 2.2 Million Records

Eastman Kodak Company has confirmed it suffered a data breach after the notorious ShinyHunters extortion group listed the company on its dark web leak site. ShinyHunters claims to have stolen 2.2 million records, including customer PII and internal data, and has threatened to leak the information if its demands are not met. Kodak stated it has contained the incident and is investigating, but has not confirmed the scale of the data theft claimed by the attackers.

June 18, 2026
4 min read
KodakShinyHuntersData BreachExtortionPII +1 more
Kodak Confirms Data Breach After ShinyHunters Threatens to Leak 2.2M Records

Atlassian and Splunk Push Critical Patches for RCE and Dependency Flaws

CRITICAL

Atlassian and Splunk Release Patches for Critical Vulnerabilities, Including Command Injection in Splunk AI Toolkit

Splunk and Atlassian have issued a series of security updates to address multiple vulnerabilities, some critical. Splunk patched a 9.1 CVSS command injection flaw (CVE-2026-20266) in its AI Toolkit that could lead to remote code execution. Simultaneously, Atlassian released nearly 100 bulletins to fix security defects in third-party dependencies across its product suite, including Jira, Confluence, and Bitbucket. Customers are urged to update immediately.

June 18, 2026
5 min read
SplunkAtlassianPatch ManagementVulnerabilityRCE +2 more
Atlassian and Splunk Push Critical Patches for RCE and Dependency Flaws

WALLIX and Inria Partner to Develop Sovereign AI for Cybersecurity in France

INFORMATIONAL

WALLIX and Inria Announce Strategic Partnership to Develop Trusted, Sovereign AI for Identity and Access Management

French cybersecurity firm WALLIX and Inria, France's national research institute for digital science, have formed a strategic partnership to accelerate the development of trusted, sovereign artificial intelligence for cybersecurity. Announced at VivaTech 2026, the collaboration will focus on applying AI to identity and access management, including behavioral analytics and securing non-human identities, to bolster French and European digital autonomy.

June 18, 2026
4 min read
AIArtificial IntelligenceCybersecurityWALLIXInria +3 more
WALLIX and Inria Partner to Develop Sovereign AI for Cybersecurity in France

Updated Articles (3)

Iranian APT 'Screening Serpens' Unleashes New RATs in Espionage Attacks on US, Israel, and UAE

HIGH

Iranian APT 'Screening Serpens' Deploys New RATs 'MiniUpdate' and 'MiniJunk V2' in Espionage Campaigns

Update:

The Iran-linked APT group UNC1549 has expanded its cyber-espionage campaign from regional to global targeting, focusing on the aerospace, aviation, and defense industries. The group now leverages spear-phishing links to fake career portals to deliver custom malware, including new implants like SIGHTGRAB, TRUSTRAP, and MiniBrowse. New evasion techniques observed include binary padding and DLL Search Order Hijacking, indicating increased sophistication and a broader threat landscape. (Source: SOC Prime)

May 30, 2026
Updated: June 18, 2026
5 min read
APTScreening SerpensIrancyber espionageRAT +2 more
Iranian APT 'Screening Serpens' Unleashes New RATs in Espionage Attacks on US, Israel, and UAE

DragonForce Ransomware Abuses Microsoft Teams Servers for C&C in Novel Attack

HIGH

DragonForce Ransomware Deploys 'Backdoor.Turn', a Go-Based Backdoor that Hides C&C Traffic Using Microsoft Teams TURN Relay Servers

Update:

Further analysis of the DragonForce ransomware campaign reveals that the 'Backdoor.Turn' malware leveraged a previously undisclosed Huawei driver vulnerability for privilege escalation, allowing the threat actors to achieve SYSTEM-level access. Crucially, the sophisticated C2 evasion technique using Microsoft Teams' TURN servers enabled the attackers to remain undetected on the victim's network for an extended period of one to two months, significantly increasing the potential for data exfiltration and comprehensive compromise before the final ransomware deployment. This extended dwell time underscores the advanced stealth capabilities of the group.

June 17, 2026
Updated: June 18, 2026
5 min read
C2Defense EvasionLiving off the LandGoQUIC
DragonForce Ransomware Abuses Microsoft Teams Servers for C&C in Novel Attack

Microsoft Confirms 'RoguePlanet' Zero-Day in Defender, Patch in Development

HIGH

Microsoft Acknowledges CVE-2026-50656, a Local Privilege Escalation Zero-Day in Microsoft Defender, After Researcher Drops Public Exploit

Update:

The 'RoguePlanet' zero-day (CVE-2026-50656) in Microsoft Defender is now confirmed to affect Windows Server 2019 and 2022, expanding its potential impact. The vulnerability has been assigned a CVSS score of 7.8. While Microsoft has not observed active exploitation in the wild, they have rated it as 'Exploitation More Likely', indicating a high probability of future attacks. New technical details clarify the race condition mechanism involving symbolic links in `mpengine.dll`. Additional hunting hints and detection methods, including Sysmon and file system auditing, have been provided to help organizations identify and mitigate potential exploitation attempts.

June 17, 2026
Updated: June 18, 2026
4 min read
Zero-DayPrivilege EscalationWindows DefenderExploitRace Condition
Microsoft Confirms 'RoguePlanet' Zero-Day in Defender, Patch in Development

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.