Top stories.
- The Pentagon suspends CMMC Phase II requirements.
- Patch Tuesday notes: Microsoft fixes a record 570 flaws.
- Nightmare Eclipse drops another Windows zero-day.
- CISA warns of actively exploited SharePoint flaws.
- Western intelligence agencies warn of Russian hackers targeting critical infrastructure.
The Pentagon suspends CMMC Phase II requirements.
The Pentagon has suspended the Cybersecurity Maturity Model Certification (CMMC) Phase II requirements that were slated to go into effect this November, stating in a memo that the current version of the program imposes "significant and often prohibitive burdens on the Defense Industrial Base (DIB), particularly the small and non-traditional businesses that are the engine of American innovation."
The Pentagon's CIO, Kirsten Davies, told reporters, "I want to be clear across the Department of War and our defense industrial base: investing in and dynamically maintaining robust cybersecurity remains a critical non-negotiable priority. This action does not eliminate the legal requirement for our industry partners to protect federal data." Davies added, "We are not reducing cybersecurity through this measure. We are reducing the red tape."
Michael Duffey, Undersecretary of Defense for Acquisition and Sustainment, stated, "We are halting complex audits. We are stopping the requirement for third-party assessors and audits. We are cleaning up active solicitations immediately. If a current defense solicitation or contract contains those suspended phase two requirements, I have directed our program managers and contracting officers to amend or modify them as soon as possible."
Patch Tuesday notes: Microsoft fixes a record 570 flaws.
Microsoft on Tuesday issued patches for 570 Windows vulnerabilities, nearly tripling the record set by last month's Patch Tuesday, KrebsOnSecurity reports. Nearly sixty of the flaws are rated as "Critical," while two are actively exploited zero-days. The company attributes the record numbers to AI-assisted vulnerability discovery. Microsoft Executive Vice President Pavan Davuluri said in a blog post last week, "The pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster, across more code, with new mechanisms that can accelerate both discovery and analysis."
Nightmare Eclipse drops another Windows zero-day.
Just after Microsoft issued its Patch Tuesday updates, disgruntled researcher Nightmare Eclipse released a proof-of-concept exploit dubbed "LegacyHive" that can lead to privilege escalation on Windows systems, SecurityWeek reports. Unlike previous Nightmare Eclipse releases, however, LegacyHive was stripped of code that would enable immediate exploitation.
Nightmare Eclipse stated, "The PoC requires another standard user credentials and a third username (which can be an administrator account), if the PoC is successful, it will end up mounting the target user hive in current user classes root. The PoC was stripped down as an attempt to prevent public exploitation, the original PoC did not require additional user credential and was not limited to usrclass.dat hive, any hive could be loaded using this vulnerability but you would need some brain cells to make the PoC do it."
Microsoft said in a statement that the company is investigating the issue, adding, "[W]e support coordinated vulnerability disclosure, an industry standard that protects customers and supports the research community by ensuring their findings are thoroughly investigated and addressed before being made public."
CISA warns of actively exploited SharePoint flaws.
The US Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to immediately address three actively exploited SharePoint vulnerabilities, CSO reports. The flaws (CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164) affect all supported on-premises SharePoint Server versions (Subscription Edition, 2019, and 2016) and can lead to "remote code execution and post-exploitation activities, such as stealing Internet Information Services (IIS) machine keys and performing deserialization techniques."
CISA also advises users to patch CVE-2026-55040 and CVE-2026-58644, two SharePoint flaws that have not yet been observed being exploited but pose serious risks.
Western intelligence agencies warn of Russian hackers targeting critical infrastructure.
Intelligence agencies from the Five Eyes nations and eight European allies issued a joint advisory warning that hackers from Russia's Federal Security Service (FSB) are targeting poorly configured and vulnerable routers across critical infrastructure sectors. The threat actors are scanning "Internet IP ranges with active Simple Network Management Protocol (SNMP) agents that accept common or default community strings for authentication." The scans send SNMP Set-Requests that copy the device's configuration and transfer it to "an actor-controlled leased virtual private server (VPS) or compromised FTP server."
The advisory recommends that administrators disable Cisco Smart Install on all devices, use SNMPv3 with "authPriv" configured to the highest encryption standard available, use strong, unique passwords for local accounts, and monitor for unusual credentials and logins to local accounts.
The agencies attribute the activity to the FSB's Center 16, tracked in the industry as "Berserk Bear," "Energetic Bear," "Crouching Yeti," "Dragonfly," "Ghost Blizzard," and "Static Tundra."