Intelligence · Updated daily
AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.
Cisco disclosed a critical authentication bypass in IOS XE Web UI affecting thousands of enterprise network devices, with mass exploitation and web shell deployment observed within 48 hours of disclosure.
Microsoft's September Patch Tuesday patches a wormable remote code execution vulnerability in the Windows TCP/IP stack along with two actively exploited privilege escalation zero-days.
PyPI now requires all newly published packages to include build provenance attestations using Sigstore, marking a major milestone in supply chain security for the Python ecosystem.
A critical vulnerability in GitLab CE/EE allows attackers to hijack any account by manipulating the password reset flow, with exploitation already observed targeting internet-facing instances.
US intelligence agencies released a joint advisory warning that Chinese state-sponsored group Volt Typhoon has expanded pre-positioning operations to water treatment facilities, maintaining persistent access for potential disruptive attacks.
A supply chain attack targeting a widely-used npm package injected cryptocurrency-stealing malware, affecting over 12 million weekly downloads before detection.
Microsoft's August Patch Tuesday addresses over 80 vulnerabilities with six confirmed actively exploited zero-days spanning Windows kernel, Office, and the SmartScreen security feature.
A critical stack-based buffer overflow in SonicWall SMA 100 series appliances allows unauthenticated remote code execution, with multiple ransomware affiliates exploiting it as an initial access vector.
Google Cloud began enforcing mandatory multi-factor authentication for all user accounts, completing a phased rollout that started in late 2024 and affecting millions of cloud platform users worldwide.
Apple released emergency security updates across iOS, iPadOS, and macOS to fix two WebKit zero-day vulnerabilities actively exploited in sophisticated spyware attacks targeting journalists and activists.
A major US health insurance provider confirmed a data breach affecting approximately 15 million current and former members, with stolen data including Social Security numbers, medical records, and financial information.
A critical unauthenticated RCE vulnerability in FortiManager is being exploited by a Chinese-nexus threat actor to compromise managed Fortinet devices across government and defense networks.
Microsoft's July Patch Tuesday fixes over 60 vulnerabilities including a critical Hyper-V guest-to-host escape being exploited by nation-state actors for cloud infrastructure attacks.
A critical signal handler race condition in OpenSSH server allows unauthenticated remote code execution on affected Linux systems, dubbed 'regreSSHion 2' as a follow-up to last year's CVE-2024-6387.
A critical authentication bypass in ASUS router firmware allows unauthenticated attackers to remotely take over affected routers, with botnets already scanning for and exploiting vulnerable devices.
A critical heap overflow vulnerability in VMware ESXi allows an attacker with local admin privileges on a guest VM to escape the sandbox and execute code on the hypervisor host.
CISA and NSA published joint guidance addressing security risks of AI system deployment in critical infrastructure, covering supply chain, model integrity, and adversarial attack mitigations.
A new critical SQL injection vulnerability in MOVEit Transfer is being exploited by the Cl0p ransomware group, echoing the devastating 2023 campaign that compromised thousands of organizations worldwide.
Microsoft's June Patch Tuesday addresses over 50 vulnerabilities including a Windows kernel privilege escalation flaw being exploited in the wild by advanced threat actors.
A critical OGNL injection vulnerability in Atlassian Confluence Server and Data Center allows unauthenticated remote code execution, with ransomware groups actively exploiting unpatched instances.
The US Department of Justice announced federal charges against additional members of the Scattered Spider cybercriminal group responsible for high-profile social engineering attacks against major US corporations.
Google released an emergency Chrome update fixing a high-severity type confusion vulnerability in V8 that was being exploited in targeted attacks against users in the wild.
Coinbase revealed that threat actors bribed overseas customer support contractors to exfiltrate personal data of roughly 1% of monthly transacting users, then demanded a $20 million ransom.
Two vulnerabilities in Ivanti Endpoint Manager Mobile can be chained to achieve unauthenticated remote code execution, with active exploitation targeting government and critical infrastructure organizations.
Microsoft's May 2025 Patch Tuesday addresses over 70 vulnerabilities including five zero-days under active exploitation across Windows kernel, scripting engine, and DWM components.