Published Tuesday, July 14, 2026 at 09:00 AM PT

14 JUL 2026
BLUF: Active exploitation of Microsoft 365 and SAP infrastructure ongoing; OAuth spoofing campaign targeting Entra ID at scale; supply chain compromise in JavaScript ecosystem; Iran conflict escalation with first armed surface drone combat employment.
CYBER
• Microsoft 365 Account Takeover Campaign (Forg365 PaaS): Phishing-as-a-service platform distributed via Telegram lowering technical barrier to M365 account compromise; new kits evade MFA via OAuth client ID spoofing. [BleepingComputer, Help Net Security] [HIGH CONFIDENCE]. Affects millions of Entra ID accounts; credential validation now possible without user interaction.
• OAuth Client ID Spoofing — Entra ID Compromise at Scale: Widespread threat exploiting OAuth client ID spoofing to validate stolen Microsoft Entra credentials without triggering detection. [The Hacker News, news4hackers] [HIGH CONFIDENCE]. Attackers can now confirm credential validity before lateral movement; reduces reconnaissance time significantly.
• SAP NetWeaver & Commerce Cloud Critical Flaws: 16 vulnerabilities patched in July 2026 cycle; three critical in NetWeaver. [BleepingComputer] [HIGH CONFIDENCE]. Exploitation timeline unknown; prioritize patching in production environments.
• Jscrambler NPM Supply Chain Compromise: Multiple malicious iterations of Jscrambler packages released over weekend; entire repository potentially compromised. [news4hackers] [HIGH CONFIDENCE]. Affects JavaScript build pipelines; audit dependency trees for affected versions immediately.
• Microsoft SharePoint Unauthenticated RCE (Rapid7 Zero-Day): Two chained vulnerabilities enable unauthenticated remote code execution on vulnerable SharePoint servers. [Rapid7] [HIGH CONFIDENCE]. Public disclosure imminent; patch availability status unclear as of 14 JUL 0600Z.
• UEFI Secure Boot Bypass via Legacy Microsoft-Signed Shims: 11 old Microsoft-signed Linux UEFI shims identified as capable of bypassing Secure Boot; scope of affected systems unknown. [Help Net Security] [MODERATE CONFIDENCE]. Affects firmware-level trust chain; remediation requires BIOS updates and inventory of deployed shims.
• AI-Driven Cyberattacks Now Autonomous Across Full Kill Chain: Check Point threat intelligence confirms AI now powers identification of security flaws, command generation, and execution with minimal human input. [Straits Times] [HIGH CONFIDENCE]. Represents qualitative shift in attack velocity and scale; traditional detection signatures insufficient.
MILITARY/GEOPOLITICAL
• First Armed Surface Drone Combat Employment: U.S. conducted strikes on Iranian naval base at Bandar Abbas using armed unmanned surface vehicles; first confirmed combat use of this platform class. [The Aviationist] [HIGH CONFIDENCE]. Indicates operational maturity of autonomous naval strike capability; escalation marker in Iran conflict.
• Iran Blocks Strait of Hormuz: Following 28 FEB 2026 onset of U.S.-Israel conflict with Iran, strait now under Iranian interdiction. [Live news search] [HIGH CONFIDENCE]. Global energy markets and shipping lanes affected; supply chain implications for critical infrastructure dependent on Gulf energy flows.
• NATO Task Force X Multi-Domain Integration: Italy leading NATO’s first fully multi-domain task force testing integration of autonomous systems across air, surface, subsurface domains. [Live news search] [HIGH CONFIDENCE]. Operational capability demonstration; indicates NATO standardization of autonomous warfare doctrine.
• France Commits 16 Rafale Jets + Missile Production License to Ukraine: France authorizing Ukrainian domestic production of French-designed cruise missiles, guided bombs, air defense interceptors. [Defence Blog] [HIGH CONFIDENCE]. Represents shift from aid to co-production; extends Ukrainian strike capability and reduces logistics dependency.
• $87.6B Iran War Supplemental Appropriation (FY2026): Trump administration supplemental funding for Operation Epic Fury (Iran War); includes tax provisions to offset costs. [The Cipher Brief] [HIGH CONFIDENCE]. Indicates sustained commitment to conflict; budget implications for other defense priorities.
• Russian Hackers Targeting Critical Infrastructure via Router Exploitation: UK and EU attribute attempted attack on Poland power grid to Russian intelligence unit; weak router security exploited as entry vector. [Live news search] [HIGH CONFIDENCE]. Indicates shift to infrastructure targeting; Poland grid remains under active threat.
PHYSICAL/LOCAL
• Los Angeles Police Department Ends Flock Camera Contract: LAPD terminated three-year agreement with Flock Safety (138 automated license plate readers) effective 11 JUL 2026 due to data privacy concerns. [Live news search] [HIGH CONFIDENCE]. Reduces surveillance infrastructure in LA metro; potential operational gap in license plate intelligence collection.
• Sheriff’s Oversight Commission Litigation: LA County Sheriff’s watchdog group fighting county attorneys over obstruction of oversight; requires new legal representation. [Live news search] [MODERATE CONFIDENCE]. Indicates institutional friction in law enforcement accountability structures; no immediate security impact.
• ICE Shooting Incident — Non-Warrant Target: Fatal shooting by ICE in Maine; victim was not warrant target. Second ICE-involved death in one week (Houston incident 07 JUL). [Live news search] [HIGH CONFIDENCE]. Escalating pattern of ICE enforcement incidents; potential for civil unrest in affected communities.
NUCLEAR/WMD
• South Korea-U.S.-Japan Small Modular Reactor Alliance: Three nations discussing joint SMR export projects for Indo-Pacific energy security. [Live news search] [HIGH CONFIDENCE]. Non-proliferation implications; civilian nuclear fuel cycle expansion in region.
ASSESSMENT
Active Exploitation Environment: Microsoft 365 and SAP infrastructure under active, scalable attack via OAuth spoofing and phishing-as-a-service platforms. Supply chain compromise in JavaScript ecosystem requires immediate dependency audit. SharePoint RCE disclosure imminent; patch urgency critical.
AI Escalation: Autonomous AI-driven cyberattacks now executing full kill chains with minimal human direction. Detection and response playbooks designed for human-paced operations insufficient; requires behavioral anomaly detection and automated response acceleration.
Iran Conflict Kinetic Escalation: First armed surface drone employment in combat signals operational maturity of autonomous naval strike. Strait of Hormuz blockade creates global supply chain vulnerability; energy-dependent critical infrastructure at elevated risk.
Infrastructure Posture: Routine elevated alerts across on-box monitoring; no immediate threats identified in perimeter activity. LAPD Flock camera termination reduces LA metro surveillance capability but does not affect critical infrastructure security posture.
KEY JUDGMENTS
Active exploitation of Microsoft 365 OAuth mechanisms and SAP infrastructure is ongoing at scale with minimal technical barriers to entry; immediate patching and credential rotation required across enterprise environments. AI-driven cyberattacks have achieved autonomous execution across full kill chains, representing qualitative shift in threat velocity requiring detection model overhaul. Iran conflict escalation via armed surface drones and Strait of Hormuz blockade creates sustained global supply chain and energy market disruption affecting critical infrastructure dependent on Gulf energy flows.
