Andrew Davies
Back to sources
email newsletterJuly 3, 2026

SharePoint RCE Active Exploitation πŸ› οΈ, Cursor Zero-Click RCE πŸ’₯, NetNut Proxy Disrupted 🌐

TLDR InfoSec

Retained excerpt

CISA added CVE-2026-45659 (CVSS 8.8), a RCE in SharePoint Server Subscription Edition πŸ”“ ATTACKS & VULNERABILITIES SHAREPOINT RCE CVE-2026-45659 ADDED TO CISA KEV AFTER ACTIVE EXPLOITATION (3 MINUTE READ) CISA added CVE-2026-45659 (CVSS 8.8), a RCE in SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016, to its KEV catalog after confirming active exploitation, though Microsoft rates exploitation as "less likely" and the threat actor remains unidentified. Any authenticated attacker with only Site Member permissions could trigger the flaw for remote code execution, no elevated privileges required. Microsoft patched the issue in May. FCEB agencies were ordered to remediate by July 4. Defenders elsewhere should prioritize patching and audit for anomalous authenticated activity on internet-facing SharePoint servers. PACEMAKER MANUFACTURER MEDTRONIC WARNS PATIENTS CYBERCROOKS MAY HAVE SWIPED HEALTH DATA (3 MINUTE READ) Medtronic found…

This limited excerpt is retained to explain the source trail. Rights remain with the original publisher.

SharePoint RCE Active Exploitation πŸ› οΈ, Cursor Zero-Click RCE πŸ’₯, NetNut Proxy Disrupted 🌐 | Crashboard