Field notes from the edge.
What our engineers learned this week. Hands-on technical deep-dives, postmortems, and strategy frameworks.
AIIvanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
Ivanti has issued a warning about CVE-2026-6973, a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) that is being actively exploited in limited attacks. The flaw, caused by improper input validation, allows authenticated users with administrative access to execute remote code on affected systems running EPMM versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1.
AIAttacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA
Cybercriminals are exploiting Windows Phone Link functionality to intercept SMS messages and bypass two-factor authentication through a new attack campaign. The attacks deploy CloudZ RAT malware alongside a novel plugin called Pheno to compromise the connection between Windows PCs and smartphones, enabling unauthorized access to text messages and authentication codes.
AIThe Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open
The Hacker News, a cybersecurity news publication with nearly 20 years of experience, has announced the launch of its 'Cybersecurity Stars Awards 2026' with submissions now open. The awards aim to recognize and celebrate the often-overlooked achievements of cybersecurity leaders, teams, and security products that work continuously to defend against threats.
AIMuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
Iranian state-sponsored threat actor MuddyWater conducted a false flag ransomware attack in early 2026, using Microsoft Teams as an initial attack vector through social engineering techniques. Rapid7 identified this operation, which represents a concerning evolution in nation-state tactics that disguise espionage activities as financially-motivated cybercrime.