Weekly Threat Roundup: Orkes Conductor RCE (June 29–July 5)
Cybersecurity roundup for 2026-06-29 to 2026-07-05. 1 CVE advisories, 1 breach reports, 3 threat news stories.
This Week at a Glance
A critical unauthenticated RCE in Orkes Conductor tops this week’s vulnerabilities, while a 2.3M-record breach at Moody Bible Institute underscores persistent data exposure risks. Threat actors are actively exploiting CISA-listed vulnerabilities and evolving ransomware tactics with BYOVD and supply chain attacks.
Top Vulnerabilities
- CVE-2026-58138 (CVSS 9.8, Critical): Orkes Conductor versions 3.21.21 through 3.30.2 are vulnerable to unauthenticated remote code execution. Patch immediately to 3.30.2+. Full advisory
Data Breaches
- Moody Bible Institute: 2.3 million user accounts were exposed in a breach. Compromised data includes personally identifiable information. Full report
Threat Intelligence
- Attackers are actively exploiting CVE-2026-48558 in SimpleHelp to deploy TaskWeaver and Djinn Steal malware. Full analysis
- CVE-2026-45659, a SharePoint RCE, has been added to CISA’s Known Exploited Vulnerabilities catalog following active exploitation. Read more
- Ransomware groups are adopting Citrix Bleed 2, bring-your-own-vulnerable-driver (BYOVD) techniques, and compromised supply chain credentials for initial access. Full intelligence report
Key Takeaway
The convergence of critical CVEs with active exploitation (Orkes Conductor, SharePoint RCE) and ransomware groups pivoting to supply chain credentials signals a shift: attackers are prioritizing edge infrastructure and third-party trust chains over traditional phishing. Security teams should audit external-facing services for unpatched CVEs and review vendor access controls.
Never miss a security update
Get real-time security alerts delivered to your preferred platform.
Related News
CISA warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability patched in May. [...]
A critical Microsoft SharePoint vulnerability patched in January is now being exploited in attacks, the Cybersecurity and Infrastructure Security Agency (CISA) warned. [...]
Cybersecurity roundup for 2026-04-06 to 2026-04-12. 10 CVE advisories, 2 breach reports, 4 threat news stories.
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. 'Although tactics differ between