TL;DR
Microsoft released a record 200 security patches including critical flaws; Veeam issued fixes for a critical RCE (CVE-2026-44963, CVSS 9.4); GitHub repositories remain offline as Microsoft investigates the Miasma supply-chain worm affecting 73 projects. Prioritize Microsoft and Veeam patching immediately.
Executive Summary
- Microsoft released nearly 200 security updates for Windows and supported software, with approximately three dozen rated critical.
- Veeam Backup & Replication users face a critical remote code execution vulnerability (CVE-2026-44963, CVSS 9.4) that security patches now address.
- Microsoft has partially restored GitHub repositories after a supply-chain attack compromised 73 open-source projects to inject information stealers, with investigation ongoing.
- Russia-aligned groups are actively exploiting a patched WinRAR vulnerability (CVE-2025-8088) against Ukrainian military and government targets.
- ServiceNow disclosed a security incident in which attackers exploited an unauthenticated API endpoint flaw to access customer data.
Top Threats Today
1. Microsoft Patch Tuesday Record – 200 Vulnerabilities
Severity: HIGH | Affected: Technology
Microsoft released software updates addressing nearly 200 security holes across Windows operating systems and supported software, a record number for the company's monthly Patch Tuesday cycle [1][2]. Approximately three dozen of those bugs earned Microsoft's most critical rating [1]. SecurityWeek reported that three of the vulnerabilities fixed were publicly disclosed before Microsoft addressed them [3].
Sources: [1] Krebs on Security; [2] Dark Reading; [3] SecurityWeek
Recommended Action
- Immediately inventory all Microsoft Windows and supported software deployments in your environment.
- Prioritize testing and deployment of patches for any publicly disclosed vulnerabilities.
- Enable Windows Update automation where feasible to accelerate patching timelines.
- Monitor endpoint detection and response (EDR) systems for exploitation attempts during the patching window.
2. Veeam Backup & Replication Critical RCE
Severity: CRITICAL | Affected: Technology
Veeam has released security patches to address a critical remote code execution flaw in its Backup & Replication software tracked as CVE-2026-44963, with a CVSS score of 9.4 [1]. Domain users can trigger this vulnerability to execute remote code [1].
Sources: [1] The Hacker News
Recommended Action
- Obtain and test Veeam's security patch for Backup & Replication immediately in a non-production environment.
- Verify the patch version and apply to all Backup & Replication installations across your infrastructure.
- Review logs for any domain user activity that may indicate exploitation attempts prior to patching.
- Restrict network access to Veeam Backup & Replication infrastructure where possible.
3. Microsoft GitHub Repository Compromise – Miasma Supply-Chain Attack
Severity: HIGH | Affected: Technology
Microsoft confirmed that it temporarily removed some GitHub repositories in response to a security incident in which 73 of its open-source projects were compromised to inject an information stealer into the code [1][2]. The attacks stemmed from a GitHub account that was also compromised in a previous Miasma attack on Microsoft last month [2]. Microsoft has restored some repositories while keeping others offline as the investigation continues [1].
Sources: [1] The Hacker News; [2] Dark Reading
Recommended Action
- Review any Microsoft open-source dependencies integrated into your projects, particularly those from GitHub.
- Check your software supply-chain security tooling logs for downloads or ingestion of Microsoft repositories during the compromise window.
- Monitor Microsoft's GitHub repository status updates for restoration confirmations and security advisories.
- Redeploy any affected dependencies only after Microsoft confirms integrity and security.
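One way to start the dependency review above is to inventory every manifest line that pulls code from a Microsoft-owned GitHub repository. This is an added example, not tooling from Microsoft or the cited sources; the watched owner list, the function name and the sample manifests are assumptions constructed for illustration, and because the page does not list the 73 affected projects the scan works by repository owner.

```python
import re
from collections import defaultdict

# Assumption: GitHub owners to treat as Microsoft-run. Extend as needed.
WATCHED_OWNERS = {"microsoft"}

# Matches github.com/<owner>/<repo> in URLs, Go module paths, SSH remotes and
# git+https pins, plus the npm shorthand "github:<owner>/<repo>".
REPO_REF = re.compile(
    r"(?:github\.com[/:]|github:)([A-Za-z0-9][A-Za-z0-9-]*)/([A-Za-z0-9._-]+)",
    re.IGNORECASE,
)

def find_watched_refs(manifests):
    """Map 'owner/repo' -> sorted list of (file, line_no) that reference it."""
    hits = defaultdict(set)
    for path, text in manifests.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for owner, repo in REPO_REF.findall(line):
                if owner.lower() not in WATCHED_OWNERS:
                    continue
                # Normalise "repo.git" and trailing punctuation to the bare name.
                repo = re.sub(r"\.git$", "", repo.rstrip("."))
                hits[f"{owner.lower()}/{repo}"].add((path, line_no))
    return {ref: sorted(locs) for ref, locs in sorted(hits.items())}

# Constructed sample manifests; the repository names are placeholders.
SAMPLE = {
    "go.mod": "module example.test/app\n\nrequire (\n"
              "\tgithub.com/microsoft/example-lib v1.2.3\n"
              "\tgithub.com/other/thing v0.1.0\n)\n",
    "package.json": '{\n  "dependencies": {\n'
                    '    "example-ui": "github:Microsoft/example-ui#v2",\n'
                    '    "left": "^1.0.0"\n  }\n}\n',
    "requirements.txt": "somepkg==1.0.0\n"
                        "example-sdk @ git+https://github.com/microsoft/example-sdk.git@abc123\n",
}

if __name__ == "__main__":
    for ref, locations in find_watched_refs(SAMPLE).items():
        for path, line_no in locations:
            print(f"{ref}\t{path}:{line_no}")
```

Each hit is a candidate to compare against Microsoft's restoration notices and against the dates the dependency was last fetched.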
4. Russia-Aligned Groups Weaponize Patched WinRAR Against Ukraine
Severity: HIGH | Affected: Government, Defense
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organizations, almost a year after patches were released [1]. The activity has been attributed by Trend Micro to Earth Dahu (also known as Gamaredon) and SHADOW-EARTH-066 [1]. The vulnerability tracked as CVE-2025-8088 is being weaponized to conduct data theft and cyberespionage against military and government targets in Ukraine [2].
Sources: [1] The Hacker News; [2] Dark Reading
Recommended Action
- Verify that all WinRAR installations across your organization have the security patch applied.
- For organizations in government or defense sectors, prioritize WinRAR patching as part of routine vulnerability management.
- Monitor for suspicious WinRAR processes or compressed archive handling that may indicate exploitation.
- Review access logs to compressed file sources and suspicious extraction activity.
5. ServiceNow Security Incident – Unauthenticated API Exploitation
Severity: HIGH | Affected: Technology
ServiceNow disclosed a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances [1].
Sources: [1] BleepingComputer
Recommended Action
- Contact ServiceNow support to confirm whether your instances were affected and obtain detailed incident scope.
- Review ServiceNow API access logs for unusual or unauthorized queries during the incident window.
- Apply any security patches or configuration changes ServiceNow recommends to remediate the unauthenticated API access.
- Reset credentials for any ServiceNow administrative accounts and enforce multi-factor authentication.
Today’s Action Checklist
- ☐ URGENT: Obtain Veeam Backup & Replication security patch (CVE-2026-44963) and schedule emergency deployment.
- ☐ HIGH: Assess your environment for Microsoft Windows and supported software requiring Patch Tuesday updates; prioritize publicly disclosed flaws.
- ☐ HIGH: Inventory any Microsoft open-source dependencies ingested from GitHub; verify integrity after Miasma incident confirmation.
- ☐ HIGH: Confirm WinRAR patches are applied across all endpoints and systems.
- ☐ MEDIUM: Contact ServiceNow support to confirm incident scope and obtain remediation guidance for your instances.