This Week in Blue Team
The first week of 2026 brought a cluster of high-severity disclosures across network appliances and a notable shift in ransomware operator TTPs. Below is the signal worth tracking.
Notable CVEs & Vulnerabilities
CVE-2026-XXXX — Network Appliance RCE
Pre-auth remote code execution affecting a widely deployed edge appliance. Patch available; prioritize internet-facing assets.
Threat Actor Activity
A financially motivated actor has added living-off-the-land techniques to their initial access playbook, reducing reliance on commodity malware in favor of native OS tooling. Detection coverage in standard EDR rules may be thinner here.
Tooling & Detection Engineering
Sigma rule updates for the above CVEs are available in the official repository. Elastic’s detection rules repo shipped new rules targeting command-and-control patterns over DNS.