The Threat CodexFeb 12
Storm-2603 Exploits CVE-2026-23760 to Stage Warlock Ransomware
#Storm_2603 #CVE_2026_23760 #WarlockRansomware
https://reliaquest.com/blog/threat-spotlight-storm-2603-exploits-CVE-2026-23760-to-stage-warlock-ransomware
Storm-2603 Exploits CVE-2026-23760 to Stage Warlock Ransomware

ReliaQuest has identified active exploitation of CVE-2026-23760 in SmarterTools SmarterMail email server software, likely by Storm-2603.

ReliaQuest
The Threat CodexJul 22, 2025
Disrupting active exploitation of on-premises SharePoint vulnerabilities
#LinenTyphoon #VioletTyphoon #Storm_2603 #CVE_2025_53770 #CVE_2025_49704 #CVE_2025_53771 #CVE_2025_49706
https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/
Disrupting active exploitation of on-premises SharePoint vulnerabilities | Microsoft Security Blog

Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed another China-based threat actor, tracked as Storm-2603, exploiting these vulnerabilities. Microsoft has released new comprehensive security updates for all supported versions of SharePoint Server (Subscription Edition, 2019, and 2016) that protect customers against these new vulnerabilities. Customers should apply these updates immediately to ensure they are protected.

Microsoft Security Blog