Intelligence · Updated daily
AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.
A logic flaw in Zebra's transaction processing allows remote attackers to crash nodes by sending crafted V5 transactions that pass network deserialization but fail during TxID computation. This PoC demonstrates unauthenticated network-level DoS impact on blockchain infrastructure.
OpenClaw gateway authentication allows paired devices to silently escalate privileges from operator.read to operator.admin during reconnect events without explicit approval, enabling node RCE. This demonstrates an implicit trust model vulnerability in local shared-auth flows.
A threat actor obtained unauthorised access to the European Commission's Amazon Web Services environment, triggering an ongoing investigation. The incident highlights how even well-resourced government bodies remain vulnerable to cloud misconfigurations and identity compromise.
Organisations are acquiring agentic GRC (Governance, Risk, Compliance) tools to automate workflows, but the transition is failing because teams remain operationally focused rather than adopting risk leadership mindsets required for the technology to deliver value.
Attackers are posting fake VS Code security alerts in GitHub project Discussions to trick developers into downloading malware. The campaign exploits trust in legitimate tooling warnings and the open nature of GitHub's collaboration features.
TeamPCP compromised the legitimate Telnyx package on PyPI and uploaded malicious versions that extract credential-stealing malware from embedded WAV files. This represents a direct attack on Python's package supply chain affecting any developer who installed the backdoored version.
CISA has added CVE-2025-53521, a remote code execution vulnerability in F5 BIG-IP, to its Known Exploited Vulnerabilities catalog following evidence of active exploitation. This represents an immediate threat to federal networks and critical infrastructure relying on BIG-IP for load balancing and application delivery.
Google has committed to migrating its infrastructure to post-quantum cryptography by 2029, signalling that the cryptographically-relevant quantum computer threat window is closing faster than many organisations anticipated. This accelerates industry pressure to inventory and remediate legacy systems before quantum capabilities render current encryption obsolete.
A new iOS exploit kit called Coruna reuses and updates kernel exploits originally deployed in Operation Triangulation three years ago, indicating that sophisticated threat actors are recycling proven attack code rather than developing entirely new exploits.
Multiple security vendors announced new products and features at RSAC 2026 (days 3-4), representing typical conference-cycle releases rather than responses to critical threats or novel attack patterns.
Bearlyfy, a pro-Ukrainian cyber group, has conducted 70+ attacks on Russian companies since January 2025 using a custom Windows ransomware called GenieLocker. The campaign targets Russian business infrastructure as part of broader geopolitical conflict.
The Alliance for Creativity and Entertainment shut down AnimePlay, a pirated anime streaming platform with 5 million users, through coordinated enforcement action. This represents continued success in disrupting consumer-facing piracy infrastructure but raises questions about replacement rate and user migration patterns.
Three security flaws in LangChain and LangGraph frameworks allow attackers to read filesystem data, extract environment variables containing secrets, and access conversation histories. These widely-adopted LLM frameworks put thousands of dependent applications at risk.
Dutch National Police experienced a successful phishing attack leading to a security breach with limited scope and no impact on citizen data. The incident highlights the persistence of credential-harvesting campaigns against high-value targets despite security awareness programmes.
Microsoft released KB5079391 with improvements to Smart App Control, a machine learning-based application allowlisting feature in Windows 11. This represents iterative hardening of Windows' application execution controls rather than a critical security fix.
CVE-2026-33863 exposes two prototype pollution paths in node-convict's config loading and schema initialization that allow attackers to pollute Object.prototype through untrusted JSON/schema data, potentially enabling authentication bypass or RCE.
Convict 6.2.4 contains a prototype pollution flaw where attackers can override String.prototype.startsWith to bypass validation checks, enabling Object.prototype contamination. The PoC demonstrates that previous mitigation attempts are insufficient and defenders must implement input validation at multiple layers.
A privilege escalation flaw in OpenClaw's device.pair.approve method allowed operators with pairing-level permissions to approve device requests with elevated operator scopes they don't possess, enabling unauthorized administrative access.
CISA has confirmed active exploitation of CVE-2026-33017 in Langflow, a framework for building AI agent workflows. Attackers are hijacking AI pipelines, likely to poison outputs or exfiltrate training data integrated into these systems.
Attackers exploited unpatched vulnerabilities in Ajax Amsterdam's IT infrastructure to access fan data and enable ticket hijacking. The incident highlights how sporting organisations remain attractive targets for financially motivated threat actors.
A hidden function in WAGO industrial managed switches allows unauthenticated remote attackers to escape the restricted CLI interface and achieve complete device compromise across six hardware models. This represents a critical supply chain risk for industrial control systems.
OpenCode Systems OC Messaging and USSD Gateway versions 6.32.2 contain an insecure direct object reference (IDOR) vulnerability allowing authenticated users to access SMS messages from other tenants by manipulating company or tenant identifiers. This affects multi-tenant deployments handling sensitive communications.
CVE-2026-4681 allows remote code execution in PTC Windchill Product Lifecycle Management across versions 11.0 through 13.1.3.0. This impacts organisations managing product designs and intellectual property across manufacturing, aerospace, and defence sectors.
Dell and HP have announced quantum-resistant security features integrated into their PC and printer products ahead of NIST's finalised post-quantum cryptography standards. This represents early industry adoption to address the theoretical but long-term threat of cryptanalytically relevant quantum computers.
Hambardzum Minasyan, an Armenian national allegedly involved in developing and administering the RedLine infostealer, has been extradited to the United States. This arrest represents a significant enforcement action against a malware-as-a-service operation that has compromised thousands of organisations globally.