Intelligence · Updated daily
AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.
Labkotec LID-3300IP devices are vulnerable to unauthenticated access, allowing attackers to take control of critical system operations, posing significant risks to industrial safety.
Hitachi Energy's RTU500 product has critical vulnerabilities that could lead to device outages and exposure of user management information, posing significant risks to industrial control systems.
Mobiliti e-mobi.hu charging stations are vulnerable to critical flaws allowing unauthorized administrative control and denial-of-service attacks, affecting all versions of the product.
A critical vulnerability in Windows ACPX path handling allows cwd injection via .cmd/.bat wrapper fallback, risking command execution. Immediate patching is advised.
The OpenClaw gateway agents.files.get and agents.files.set methods allowed symlink traversal, enabling arbitrary file read/write outside the workspace. This PoC highlights critical risks for defenders.
An RCE vulnerability in OpenClaw's gateway allows authenticated clients to bypass node execution approvals by manipulating parameters, posing a significant risk to connected systems.
UK authorities warn of increased Iranian cyberattack risks targeting British organizations due to Middle East tensions.
A Florida woman was sentenced to 22 months in prison for trafficking thousands of stolen Microsoft Certificate of Authenticity (COA) labels, highlighting vulnerabilities in software supply chain integrity.
A 22-year-old Alabama man has pleaded guilty to hacking, cyberstalking, and extorting hundreds of women by hijacking their social media accounts.
Attackers are using a fake Google Account security page to deliver a Progressive Web App (PWA) that steals credentials, MFA codes, and proxies traffic through victims' browsers. This campaign poses a significant risk due to its ability to bypass multi-factor authentication.
Hackers have adopted CyberStrikeAI, an open-source AI security testing platform, to breach Fortinet FortiGate firewalls, demonstrating a significant shift in attack methodologies leveraging advanced AI tools.
A critical SQL injection vulnerability exists in itsourcecode School Management System 1.0, allowing remote attackers to manipulate database queries. The PoC highlights the need for immediate defensive measures to prevent data exposure and system compromise.
A high-severity vulnerability in OpenClaw's core gateway allowed malicious websites to hijack locally running AI agents via WebSocket connections. The issue has been fixed, but highlights risks of unsecured AI systems.
South Korea's National Tax Service exposed a cryptocurrency wallet seed in a press release, enabling hackers to steal $4.8 million worth of crypto.
The QuickLens Chrome extension was removed after being compromised to push malware aimed at stealing cryptocurrency from users. The attack highlights vulnerabilities in third-party browser extensions and the risks of crypto-related phishing.
The Langflow CSV Agent hardcodes a flag that enables arbitrary code execution, posing a severe security risk.
Vitess backup restoration process allows attackers with backup storage access to write files to arbitrary paths, enabling unauthorized access and potential system compromise.
Vikunja's password reset mechanism allows token reuse due to improper token invalidation and cleanup, enabling persistent account takeovers.
Third-party software like PDF readers and email clients pose significant risks to organizations' security, with consistent patching being crucial to mitigate exploit exposure.
Europol's Project Compass operation has led to the arrest of 30 individuals linked to The Com, a cybercrime group targeting children and teenagers. This coordinated international effort highlights the growing threat of child-targeted online exploitation.
North Korean hackers, APT37, are using newly discovered malware to breach air-gapped networks by leveraging removable drives and conducting covert surveillance.
Microsoft is improving the security of batch file and CMD script execution in Windows 11 Insider Preview builds, addressing a common attack vector for malicious scripts.
The News Portal Project 1.0 has an SQL injection vulnerability in /admin/add-category.php due to improper handling of the Category parameter, allowing remote attackers to execute arbitrary SQL commands.
The itsourcecode News Portal Project 1.0 contains a critical SQL injection vulnerability in /newsportal/admin/edit-category.php, allowing remote attackers to manipulate the Category argument for malicious database queries.
A SQL injection vulnerability exists in the Username parameter of /loging.php, allowing remote exploitation. This PoC highlights the need for immediate defensive measures to prevent potential data breaches.