Intelligence · Updated daily
AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.
Cryptocurrency exchange Bybit lost approximately $1.5 billion in Ethereum from a cold wallet, in what is believed to be the largest cryptocurrency theft in history, attributed to North Korean state-sponsored hackers.
A joint advisory warns that the Ghost (Cring) ransomware group, operating from China, has compromised organizations across 70 countries by exploiting known vulnerabilities in internet-facing services.
A SQL injection zero-day in PostgreSQL's interactive tool was exploited alongside the BeyondTrust Remote Support zero-day to compromise US Treasury Department systems.
A critical authentication bypass in Palo Alto Networks PAN-OS management interface is being chained with other vulnerabilities to achieve remote code execution on firewalls.
Microsoft's February 2025 Patch Tuesday addresses over 55 vulnerabilities including multiple zero-days under active exploitation in Windows, with critical flaws in NTLMv2 and LDAP.
Google's February Android security update patches an actively exploited Linux kernel USB-video class vulnerability that enabled privilege escalation on Android devices.
Cisco has released patches for multiple critical vulnerabilities in Identity Services Engine that could allow authenticated attackers to execute arbitrary commands as root.
Threat actors are actively exploiting command injection vulnerabilities in Zyxel CPE series devices, with no patches available from the vendor for affected end-of-life products.
Critical vulnerabilities in SimpleHelp remote monitoring and management software are being exploited by threat actors to gain unauthorized access to managed client networks.
The rapid rise of Chinese AI lab DeepSeek's open-source models has sparked significant security and data privacy concerns, with researchers identifying exposed databases and questionable data handling practices.
Apple released emergency security updates to fix a zero-day vulnerability in the CoreMedia framework that was being actively exploited against devices running older iOS versions.
CISA and FBI publish joint guidance urging software manufacturers to adopt memory-safe programming languages and practices to eliminate buffer overflow vulnerabilities at their source.
A Mirai botnet variant is actively scanning for and compromising Juniper SSR routers that still use factory-default credentials, incorporating them into DDoS infrastructure.
CISA has issued an emergency directive ordering federal agencies to mitigate Ivanti Connect Secure vulnerabilities amid widespread exploitation by nation-state actors.
Education technology giant PowerSchool suffered a major data breach exposing personal information of students and staff across numerous K-12 school districts in North America.
Microsoft's January 2025 Patch Tuesday addresses 159 vulnerabilities including eight zero-days, three of which are under active exploitation in Windows Hyper-V and Windows components.
A critical authentication bypass in FortiOS and FortiProxy is being actively exploited, allowing remote attackers to gain super-admin privileges on affected firewalls.
Multiple critical vulnerabilities in Moxa industrial networking devices could allow attackers to gain root access to OT and ICS infrastructure.
A critical zero-day vulnerability in Ivanti Connect Secure VPN appliances is being actively exploited by threat actors to gain unauthenticated remote code execution.
Google is introducing the Text Fragment feature in Chrome's PDF reader, allowing users to share specific parts of long PDFs more easily. This could potentially lead to improved collaboration but may also introduce new attack vectors if not properly secured.
A vulnerability in Nuclei, an open-source vulnerability scanner, allowed attackers to bypass signature verification and execute malicious code via templates on local systems.
Tenable's buggy differential plugin updates caused global outages of Nessus vulnerability scanner agents, requiring manual upgrades for revival.
Chinese state-backed hackers breached the Office of Foreign Assets Control (OFAC), potentially gaining access to sensitive sanctions-related data.
The Brain Cipher ransomware gang has begun leaking data stolen from Rhode Island's RIBridges social services platform, highlighting the risks of unpatched vulnerabilities and inadequate security measures.
A new attack technique, DoubleClickjacking, exploits double-clicks to bypass existing clickjacking protections and hijack user accounts. This poses a significant risk as it can be used to authorize sensitive actions without users' knowledge.