Intelligence · Updated daily
AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.
A ransomware attack forced one of the largest US school districts to cancel classes and revert to offline operations, exposing student and staff personal data and highlighting the continued targeting of education.
The first Patch Tuesday of 2026 addresses a record eight actively exploited zero-day vulnerabilities spanning Hyper-V, Office, Windows kernel, and the Microsoft Access database engine.
A critical improper authentication vulnerability in SonicWall SonicOS SSLVPN allows unauthenticated attackers to hijack active VPN sessions, with exploitation observed against government and enterprise targets.
A new critical authentication bypass in Fortinet FortiOS allows unauthenticated attackers to gain super-admin privileges on FortiGate firewalls, with mass exploitation already underway targeting internet-exposed management interfaces.
A critical vulnerability in Apache Commons Text string interpolation is being mass-exploited at year's end, with attackers deploying cryptominers and ransomware through the widely-embedded Java library.
NIST released final guidelines for organizations to transition from classical to post-quantum cryptographic algorithms, establishing timelines and priorities for migration across different use cases.
A misconfigured identity management update at a major cloud provider caused a cascading multi-region outage lasting over 12 hours, affecting thousands of businesses and highlighting cloud concentration risk.
The final Patch Tuesday of 2025 addresses over 70 vulnerabilities including a critical Windows LDAP remote code execution flaw and an actively exploited Windows kernel zero-day.
Another critical zero-day in Ivanti Connect Secure VPN appliances is being mass-exploited to deploy custom malware, with CISA issuing an emergency directive requiring federal agencies to disconnect affected devices.
Google open-sourced an AI-powered fuzzing platform that has already discovered over 300 vulnerabilities in critical open-source software, offering automated vulnerability discovery capabilities to the broader security community.
A critical OGNL injection vulnerability in Apache Struts allows unauthenticated remote code execution, with exploitation observed within days of the advisory publication.
US intelligence agencies revealed that the Chinese state-sponsored Salt Typhoon campaign has expanded beyond the initially reported telecom carriers, with evidence of persistent access in additional US and allied nation telecommunications networks.
Microsoft's November Patch Tuesday addresses a critical Exchange Server vulnerability being exploited by a nation-state group to access email communications, along with three other actively exploited flaws.
A critical zero-day vulnerability in Citrix NetScaler ADC and Gateway allows unauthenticated remote code execution, with threat actors injecting credential-harvesting JavaScript into login pages.
The EU Cyber Resilience Act's vulnerability reporting obligations take effect, requiring manufacturers of products with digital elements to report actively exploited vulnerabilities within 24 hours.
A critical vulnerability in Kubernetes kubelet allows attackers to escape container boundaries through crafted volume mount operations, potentially compromising the underlying node and all co-located containers.
Microsoft's October Patch Tuesday addresses a critical Remote Desktop Protocol vulnerability being exploited to gain initial access to enterprise networks without valid credentials.
An expanded international law enforcement operation seized remaining LockBit ransomware infrastructure, arrested additional administrators, and released decryption keys benefiting thousands of victims.
Multiple critical vulnerabilities in Palo Alto Networks Expedition migration tool allow unauthenticated attackers to access firewall configuration files, credentials, and API keys stored in the tool's database.
A critical deserialization vulnerability in Veeam Backup & Replication allows unauthenticated attackers to gain remote code execution, with ransomware groups actively targeting backup infrastructure.
A ransomware attack forced a major US hospital network to divert ambulances and revert to paper records across multiple facilities, the largest healthcare disruption since the Change Healthcare incident.
Cisco disclosed a critical authentication bypass in IOS XE Web UI affecting thousands of enterprise network devices, with mass exploitation and web shell deployment observed within 48 hours of disclosure.
Microsoft's September Patch Tuesday patches a wormable remote code execution vulnerability in the Windows TCP/IP stack along with two actively exploited privilege escalation zero-days.
PyPI now requires all newly published packages to include build provenance attestations using Sigstore, marking a major milestone in supply chain security for the Python ecosystem.
A critical vulnerability in GitLab CE/EE allows attackers to hijack any account by manipulating the password reset flow, with exploitation already observed targeting internet-facing instances.