Intelligence · Updated daily

Security Intelligence

AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.

RSS feedCVE index632 entries

Vulnerabilities Malware Campaigns Supply Chain Policy Tools

Page 17 of 26

401–425 of 632

highVulnerabilityEmerging

Schneider Electric DCE Hard-Coded Credentials Enable Authenticated RCE in Critical Infrastructure Monitoring

Schneider Electric's EcoStruxure Data Center Expert contains hard-coded credentials that, combined with an optional SOCKS proxy feature, allow authenticated attackers to compromise the monitoring platform. This threatens visibility and control of critical data center infrastructure.

18 March 2026Schneider Electric EcoStruxure IT Data Center Expert ≤9.0, Schneider Electric EcoStruxure IT Data Center Expert 9.1

highVulnerabilityActive

Siemens SICAM SIAPP SDK Misuse Vulnerabilities Enable Data Corruption and DoS in Industrial Control Applications

Siemens SICAM SIAPP SDK versions below 2.1.7 contain multiple vulnerabilities exploitable through improper API usage or missing hardening, risking denial of service, data corruption, and simulation environment compromise in customer-developed SIAPP applications.

18 March 2026Siemens SICAM SIAPP SDK <2.1.7

criticalVulnerabilityActive

Privilege Escalation via Unsafe Default Permission Application in User Signup

Unauthenticated users can register as administrators when self-signup is enabled and default permissions include admin privileges. The signup handler blindly applies all defaults without stripping elevated permissions.

CVE-2026-32760

17 March 2026File-Browser

criticalVulnerabilityActive

SiYuan Authorization Bypass: Unauthenticated SQL Execution via Inconsistent Middleware Chain

The `/api/search/fullTextSearchBlock` endpoint in SiYuan v3.6.0 bypasses role-based access controls present on other SQL endpoints, allowing any authenticated user (including read-only roles) to execute arbitrary SQL. This PoC proves the middleware chain inconsistency is exploitable in production deployments.

CVE-2026-32767

17 March 2026SiYuan/SiYuan (<= 3.6.0)

criticalVulnerabilityActive

Admidio Authorization and CSRF Bypass on Document Deletion

Admidio's documents-files module fails to enforce DELETE authorization and CSRF protection, allowing unauthenticated users to permanently destroy document libraries when public access is enabled, or allowing authenticated read-only users to delete content they cannot modify.

17 March 2026Admidio/admidio

criticalPolicyActive

Microsoft Exchange Online servicewide outage reveals continued reliability concerns in critical communication infrastructure

Microsoft Exchange Online experienced a widespread outage blocking mailbox and calendar access for customers globally. This incident underscores the operational risks of cloud-based email dependencies and the cascading business impact when a single provider experiences infrastructure failures.

17 March 2026Microsoft Exchange Online, Microsoft 365 subscribers

criticalVulnerabilityContained

UK Companies House Registry Breach: 4-Month Data Exposure Through WebFiling Service

Companies House, the UK's official business registry, suffered a security flaw in its WebFiling service that exposed sensitive business information for approximately 4 months (October 2025 - present). The breach affected a government-critical infrastructure system handling registration data for all UK companies.

17 March 2026Companies House WebFiling Service, UK Companies House

criticalVulnerabilityActive

Wing FTP Server Authentication Bypass Enables Active RCE Campaign Against Federal Infrastructure

CISA confirmed that a Wing FTP Server vulnerability is being actively exploited in attacks against U.S. government agencies, with potential for chaining into remote code execution. This represents an immediate threat to federal infrastructure and requires urgent patching.

17 March 2026Wing FTP Server

criticalCampaignContained

Destructive Microsoft Entra-based attack on Stryker demonstrates cloud identity compromise as primary attack vector for device-level destruction

Stryker suffered a destructive cyberattack that remotely wiped tens of thousands of employee devices through compromised Microsoft cloud credentials, requiring no malware payload and leveraging legitimate administrative access to cloud infrastructure.

17 March 2026Stryker Corporation, Microsoft Entra (Azure AD), Intune or similar MDM platforms

mediumVulnerabilityActive

Wing FTP Information Disclosure Added to KEV Catalog - Active Exploitation Ongoing

CISA added CVE-2025-47813, a medium-severity information disclosure flaw in Wing FTP Server, to its Known Exploited Vulnerabilities catalog due to evidence of active exploitation. The vulnerability leaks application installation paths under certain conditions, enabling reconnaissance for follow-on attacks.

CVE-2025-47813

17 March 2026Wing FTP Server

highCampaignActive

Loblaw Customer Data Breach Reveals PII Exposure at Major Canadian Retailer

Hackers accessed personal information including names, email addresses, and phone numbers from Loblaw, one of Canada's largest retailers. This exposure affects a potentially massive customer base and creates significant identity theft and phishing risks.

16 March 2026Loblaw Companies Limited

informationalPolicyEmerging

Android 17 Accessibility API Restrictions: Proactive Defense Against Malware Abuse of System Privileges

Google is implementing API restrictions in Android 17 to prevent non-accessibility apps from abusing the accessibility services API, a common malware technique for achieving privileged operations without proper permissions. This is a preventive security hardening measure rather than a response to active exploitation.

16 March 2026Android 17, Android Advanced Protection Mode (AAPM)

informationalToolEmerging

Betterleaks emerges as community-driven alternative to Gitleaks for secrets detection

Betterleaks, a new open-source secrets scanner, offers an alternative to Gitleaks for identifying hardcoded credentials in code repositories and files. This reflects ongoing community demand for robust secret detection tooling in DevSecOps pipelines.

16 March 2026Development teams using git repositories, Organizations relying on secrets scanning, DevSecOps practitioners

mediumPolicyActive

ChatGPT Ad Rollout Geofenced to US - Potential Monetization Security and Privacy Implications

OpenAI is rolling out advertisements on ChatGPT's free and Plus tiers, initially limited to US users, with privacy policy updates creating confusion about global deployment timelines. This monetization shift introduces new attack surface for ad injection and data harvesting concerns.

16 March 2026OpenAI ChatGPT (Free tier), OpenAI ChatGPT (Plus tier)

criticalVulnerabilityEmerging

HPE AOS-CX Unauthenticated Admin Password Reset Vulnerability Exposes Network Infrastructure

A critical unauthenticated vulnerability in HPE AOS-CX switches allows remote attackers to reset admin credentials without any authentication, providing immediate device takeover capability. This impacts network infrastructure security across enterprise environments.

15 March 2026HPE AOS-CX (networking switches)

criticalSupply ChainActive

GlassWorm Supply-Chain Escalation: Transitive Dependency Injection via Open VSX Registry

GlassWorm threat actors are exploiting extensionPack and extensionDependencies features in Open VSX to achieve transitive malware propagation across 72+ extensions, significantly improving attack efficiency and evading detection. This represents a watershed moment in IDE-based supply-chain attacks targeting developer environments.

15 March 2026Open VSX Registry, Visual Studio Code Community, Open VSX Extension Developers +1

highVulnerabilityEmerging

OpenClaw AI Agent Default Configuration Weaknesses Create Systemic Prompt Injection and Data Exfiltration Risk

China's CNCERT warned that OpenClaw's weak default security configurations enable prompt injection attacks and potential data exfiltration. This affects organizations deploying the self-hosted AI agent without hardening baseline security controls.

15 March 2026OpenClaw (formerly Clawdbot, Moltbot)

criticalSupply ChainContained

AppsFlyer SDK Supply-Chain Compromise: Malicious JavaScript Injected at Distribution Point

AppsFlyer's Web SDK was compromised and served malicious JavaScript designed to steal cryptocurrency from end-users. This supply-chain attack affected all downstream applications integrating the SDK until remediation.

15 March 2026AppsFlyer Web SDK, Applications using AppsFlyer Web SDK

criticalVulnerabilityActive

Microsoft patches critical RRAS RCE in Windows 11 Enterprise via emergency hotpatch mechanism

Microsoft released an out-of-band hotpatch to remediate a remote code execution vulnerability in Routing and Remote Access Service (RRAS) affecting Windows 11 Enterprise devices. This emergency deployment indicates active exploitation risk and bypasses the standard monthly patch cycle.

15 March 2026Windows 11 Enterprise

criticalVulnerabilityActive

JWT Signature Verification Order-of-Operations Flaw Enables Unauthenticated SSRF in Centrifugo

Centrifugo performs JWT claim extraction and dynamic URL interpolation before cryptographic signature verification, allowing unauthenticated attackers to trigger SSRF requests to arbitrary destinations via crafted JWT claims.

CVE-2026-32301

14 March 2026Centrifugo

criticalVulnerabilityActive

Apollo Federation Prototype Pollution via Incomplete Key Sanitization

Apollo Federation gateway fails to properly sanitize field aliases and variable names, allowing prototype pollution of Object.prototype. Successful exploitation persists across subsequent requests, potentially enabling privilege escalation and data integrity violations.

CVE-2026-32621

14 March 2026apollo/federation-internals, apollo/gateway, apollo/query-planner

highVulnerabilityActive

OpenClaw WebSocket Scope Elevation: Shared-Auth Authorization Bypass

A logic flaw in OpenClaw's WebSocket authentication path allows shared-secret clients to self-declare elevated scopes (e.g., operator.admin) without server-side validation, enabling unauthorized admin operations. Defenders must patch immediately and audit existing shared-auth connections.

GHSA-rqpp-rjj8-7wv8

14 March 2026openclaw <= 2026.3.11

highPolicyActive

Hypervisor Migration Security Risks: Data Protection Gap During VMware Transitions

Organizations migrating from VMware to alternative hypervisors face elevated data security and recovery risks during transition periods. Verified backups and cross-platform recovery capabilities are critical to prevent data loss and maintain business continuity.

14 March 2026VMware, Virtual Infrastructure, Enterprise Data Centers

highToolActive

Classic Outlook Sync Failures Signal Broader Email Infrastructure Instability

Microsoft is investigating widespread synchronization and connection failures in classic Outlook desktop client, affecting email delivery and user productivity across enterprise deployments.

14 March 2026Microsoft Outlook (Classic Desktop Client)

highCampaignContained

Opportunistic Probing of Critical Infrastructure: Poland's Nuclear Research Centre Targeted in Broader Campaign

Poland's National Centre for Nuclear Research (NCBJ) was targeted by cyberattackers who attempted to compromise its IT infrastructure, but intrusion detection systems successfully identified and blocked the attack before any material impact occurred. This incident underscores persistent adversarial interest in critical infrastructure sectors, particularly those with strategic national importance.

14 March 2026National Centre for Nuclear Research (NCBJ), Polish Critical Infrastructure