Intelligence · Updated daily
AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.
US intelligence agencies revealed that the Chinese state-sponsored Salt Typhoon campaign has expanded beyond the initially reported telecom carriers, with evidence of persistent access in additional US and allied nation telecommunications networks.
Microsoft's November Patch Tuesday addresses a critical Exchange Server vulnerability being exploited by a nation-state group to access email communications, along with three other actively exploited flaws.
A critical zero-day vulnerability in Citrix NetScaler ADC and Gateway allows unauthenticated remote code execution, with threat actors injecting credential-harvesting JavaScript into login pages.
The EU Cyber Resilience Act's vulnerability reporting obligations take effect, requiring manufacturers of products with digital elements to report actively exploited vulnerabilities within 24 hours.
A critical vulnerability in Kubernetes kubelet allows attackers to escape container boundaries through crafted volume mount operations, potentially compromising the underlying node and all co-located containers.
Microsoft's October Patch Tuesday addresses a critical Remote Desktop Protocol vulnerability being exploited to gain initial access to enterprise networks without valid credentials.
An expanded international law enforcement operation seized remaining LockBit ransomware infrastructure, arrested additional administrators, and released decryption keys benefiting thousands of victims.
Multiple critical vulnerabilities in Palo Alto Networks Expedition migration tool allow unauthenticated attackers to access firewall configuration files, credentials, and API keys stored in the tool's database.
A critical deserialization vulnerability in Veeam Backup & Replication allows unauthenticated attackers to gain remote code execution, with ransomware groups actively targeting backup infrastructure.
A ransomware attack forced a major US hospital network to divert ambulances and revert to paper records across multiple facilities, the largest healthcare disruption since the Change Healthcare incident.
Cisco disclosed a critical authentication bypass in IOS XE Web UI affecting thousands of enterprise network devices, with mass exploitation and web shell deployment observed within 48 hours of disclosure.
Microsoft's September Patch Tuesday patches a wormable remote code execution vulnerability in the Windows TCP/IP stack along with two actively exploited privilege escalation zero-days.
PyPI now requires all newly published packages to include build provenance attestations using Sigstore, marking a major milestone in supply chain security for the Python ecosystem.
A critical vulnerability in GitLab CE/EE allows attackers to hijack any account by manipulating the password reset flow, with exploitation already observed targeting internet-facing instances.
US intelligence agencies released a joint advisory warning that Chinese state-sponsored group Volt Typhoon has expanded pre-positioning operations to water treatment facilities, maintaining persistent access for potential disruptive attacks.
A supply chain attack targeting a widely-used npm package injected cryptocurrency-stealing malware, affecting over 12 million weekly downloads before detection.
Microsoft's August Patch Tuesday addresses over 80 vulnerabilities with six confirmed actively exploited zero-days spanning Windows kernel, Office, and the SmartScreen security feature.
A critical stack-based buffer overflow in SonicWall SMA 100 series appliances allows unauthenticated remote code execution, with multiple ransomware affiliates exploiting it as an initial access vector.
Google Cloud began enforcing mandatory multi-factor authentication for all user accounts, completing a phased rollout that started in late 2024 and affecting millions of cloud platform users worldwide.
Apple released emergency security updates across iOS, iPadOS, and macOS to fix two WebKit zero-day vulnerabilities actively exploited in sophisticated spyware attacks targeting journalists and activists.
A major US health insurance provider confirmed a data breach affecting approximately 15 million current and former members, with stolen data including Social Security numbers, medical records, and financial information.
A critical unauthenticated RCE vulnerability in FortiManager is being exploited by a Chinese-nexus threat actor to compromise managed Fortinet devices across government and defense networks.
Microsoft's July Patch Tuesday fixes over 60 vulnerabilities including a critical Hyper-V guest-to-host escape being exploited by nation-state actors for cloud infrastructure attacks.
A critical signal handler race condition in OpenSSH server allows unauthenticated remote code execution on affected Linux systems, dubbed 'regreSSHion 2' as a follow-up to last year's CVE-2024-6387.
A critical authentication bypass in ASUS router firmware allows unauthenticated attackers to remotely take over affected routers, with botnets already scanning for and exploiting vulnerable devices.