Threat Hunter
1 week, 5 days ago
SharePoint Is on Fire Again: What CISA\'s CVE-2026-45659 Warning Means, and How to Hunt It
On July 2, 2026, CISA added CVE-2026-45659, a SharePoint Server RCE, to its Known Exploited Vulnerabilities catalog with a two-day patch deadline. Storm-2603 is using it to stage Warlock ransomware, living off the land the whole way. Here is why it matters, plus a free 12-rule Sigma pack to hunt it.