In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability
Other noteworthy stories that might have slipped under the radar: OFAC hits Iranian central bank crypto reserves, ADT data leak, CISA guidance for zero trust in OT. The post In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability appeared first on SecurityWeek.
AI Analysis
Technical Summary
The source article is a roundup of cybersecurity news items, most notably a critical vulnerability in the NSA's GRASSMARLIN open source ICS network mapping tool. This flaw enables attackers to exfiltrate sensitive files out-of-band, facilitating lateral movement within industrial control system networks. Since GRASSMARLIN reached end-of-life in 2017, no official patches will be issued. Additional issues include a significant data breach at ADT exposing millions of customer records, and other vulnerabilities in Cursor IDE and Qinglong task scheduler allowing remote code execution. The report also covers law enforcement actions against a Scattered Spider hacker and various policy and security guidance updates.
Potential Impact
The GRASSMARLIN vulnerability poses a risk to industrial networks by enabling attackers to steal sensitive files and move laterally, potentially compromising critical infrastructure environments. The lack of official patches increases exposure for users still relying on this tool. The ADT data leak exposed millions of customer records, including personal information and partial social security numbers, raising privacy and identity theft concerns. Other vulnerabilities in development tools and task schedulers allow remote code execution, which can lead to unauthorized system control and resource abuse such as cryptomining. The arrest of a key Scattered Spider hacker disrupts a known threat actor group but does not eliminate the broader threat landscape.
Mitigation Recommendations
For the GRASSMARLIN vulnerability, no official patches are available due to end-of-life status; organizations should discontinue use of this tool and seek alternative, supported solutions for ICS network mapping. For the ADT data leak, affected customers should follow guidance from ADT and monitor for identity theft; organizations should review cloud security configurations and access controls. Users of Cursor IDE and Qinglong task scheduler should apply any available vendor patches or updates addressing CVE-2026-26268, CVE-2026-3965, and CVE-2026-4047. Microsoft Exchange Online users must transition to TLS 1.2 or later by July 2026 to maintain secure email communications. Follow official advisories and vendor guidance for each specific vulnerability or incident.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/in-other-news-scattered-spider-hacker-arrested-soc-effectiveness-metrics-nsa-tool-vulnerability/","fetched":true,"fetchedAt":"2026-05-01T15:06:22.475Z","wordCount":1464}
Threat ID: 69f4c16ecbff5d8610f92858
Added to database: 5/1/2026, 3:06:22 PM
Last enriched: 5/1/2026, 3:06:32 PM
Last updated: 6/16/2026, 1:17:39 AM