Intelligence · Updated daily

Security Intelligence

AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.

RSS feedCVE index632 entries

Vulnerabilities Malware Campaigns Supply Chain Policy Tools

Page 2 of 26

26–50 of 632

informationalPolicyEmerging

EU Tech Sovereignty Push: Regulatory Framework to Reduce US and Chinese Semiconductor Dependency

The EU has announced a legislative package comprising Chips Act 2.0, Cloud and AI Development Act, open-source strategy, and energy digitalisation roadmap aimed at reducing technological reliance on US and Chinese suppliers. This represents a strategic shift toward supply-chain resilience and domestic capability development.

6 June 2026Semiconductor industry, Cloud service providers, AI vendors +1

highSupply ChainActive

Polyfill CDN Compromise Enables Credential Theft on Toshiba and Muji Websites

Toshiba and Muji websites served malicious login prompts via a compromised polyfill library, enabling attackers to harvest user credentials from visitors. This represents a supply-chain attack exploiting third-party JavaScript dependencies.

6 June 2026Toshiba, Muji, Polyfill library users

criticalVulnerabilityActive

Unauthenticated Stored DOM XSS in AVideo YPTSocket Plugin via Broadcast Metadata

An unauthenticated attacker can inject malicious JavaScript into WebSocket broadcast messages that execute in the browsers of all connected administrators. The vulnerability stems from unsanitized query parameters being stored and propagated to authenticated users without validation.

5 June 2026WWBN/AVideo YPTSocket Plugin

criticalVulnerabilityActive

Supply Chain Compromise: Malicious @cap-js/openapi Package with Credential Harvesting

A compromised npm package (@cap-js/openapi v1.4.1) was published containing malicious code that harvests machine-local credentials and attempts self-propagation. Organizations must assume all credentials accessible during installation are compromised.

5 June 2026@cap-js/openapi@1.4.1

criticalVulnerabilityActive

MCP-for-Stata Command Injection via Unsanitized log_file_name Parameter

Unsanitized user input in the log_file_name parameter allows command injection into Stata execution contexts, enabling arbitrary code execution. This PoC demonstrates a critical trust boundary violation in parameter handling that bypasses existing security guards.

CVE-2026-47708

5 June 2026MCP-for-Stata

informationalPolicyResolved

Cisco Live Conference Coverage: Industry Networking Report Without Security Findings

Cisco Talos published a conference attendance report from Cisco Live U.S. focusing on networking opportunities, AI discussions, and attendee wellness rather than security research findings or threat intelligence.

5 June 2026

criticalVulnerabilityActive

Cisco SD-WAN zero-day exploitation pattern suggests systematic targeting or quality regression

Cisco disclosed CVE-2026-20245, a root-level remote code execution vulnerability in SD-WAN products currently exploited in the wild with no patch available. This marks the seventh SD-WAN zero-day from Cisco in 2026, indicating either a sustained adversarial campaign or significant product security deficiencies.

CVE-2026-20245

5 June 2026Cisco SD-WAN

highCampaignActive

PCPJack's 230-Server SMTP Relay Network Exposes Multi-Cloud Credential Compromise at Scale

The PCPJack threat actor has compromised approximately 230 servers across AWS, Google Cloud, and Azure to establish a covert SMTP relay network for sending spoofed or spam emails. The campaign reflects systemic credential theft and weak access controls across major cloud providers.

5 June 2026Amazon Web Services, Google Cloud Platform, Microsoft Azure

informationalPolicyEmerging

Palantir CTO nominated for CISA directorship signals shift toward commercial intelligence integration

Shyam Sankar, CTO of Palantir Technologies, is a leading candidate to head the US Cybersecurity and Infrastructure Security Agency. This reflects potential policy shifts toward closer collaboration between federal cybersecurity infrastructure and commercial data analytics platforms.

5 June 2026CISA, US federal cybersecurity infrastructure

informationalPolicyActive

Brave Origin launch signals market demand for privacy-first browsers without monetisation cruft

Brave Software has released Origin, a paid subscription browser that removes cryptocurrency rewards, AI features, and other monetisation mechanisms from the standard Brave browser. This reflects growing user frustration with feature bloat and signals a viable commercial model for stripped-down privacy tools.

5 June 2026Brave Software

highCampaignActive

Gamaredon-Turla Operational Collaboration Signals Rare FSB-Linked Espionage Coordination Against Ukraine

ESET researchers have documented direct operational cooperation between Gamaredon and Turla, two FSB-linked threat actors, with Gamaredon facilitating initial access for Turla against Ukrainian targets in 2025. This represents an unusual departure from typical competitive dynamics between state-sponsored groups and suggests coordinated Russian intelligence operations.

3 June 2026Ukrainian government entities, Critical infrastructure operators in Ukraine

informationalPolicyEmerging

U.S. Pre-Release AI Model Vetting Framework: Policy Signal for Supervised Deployment vs. Innovation Friction

The U.S. executive order establishes a federal vetting process allowing up to one month pre-release review of advanced AI models for national security risks before public deployment. This represents a significant shift toward regulatory oversight of frontier AI systems.

3 June 2026AI model developers, Large language model vendors, U.S. federal government agencies

highVulnerabilityActive

Android Framework Privilege Escalation Under Active Exploitation Signals Shift in Attack Surface

Google patched 124 Android vulnerabilities in June 2026, including CVE-2025-48595, a high-severity privilege escalation flaw in the Framework component already under active exploitation in targeted attacks. This represents an unauthenticated, interaction-free privilege escalation affecting a core system component.

CVE-2025-48595

3 June 2026Google Android

informationalPolicyActive

White House AI Executive Order Signals Federal Governance Framework with Security-First Data Access Controls

The White House has issued a pared-back executive order on AI that establishes confidentiality, cybersecurity, and intellectual property safeguards for federal access to AI models. This represents a policy shift toward managed risk rather than comprehensive regulation, with direct implications for how government agencies will interact with commercial and internal AI systems.

3 June 2026U.S. federal government agencies, AI model providers

informationalToolEmerging

Microsoft Coreutils for Windows: expanding cross-platform CLI tooling with security considerations

Microsoft released Coreutils for Windows at Build 2026, bringing native Linux command-line utilities to Windows. This development simplifies cross-platform development workflows but introduces new attack surface and dependency management concerns for Windows environments.

3 June 2026Microsoft Windows, developers using cross-platform tooling

highVulnerabilityActive

Vitest UI API Path Traversal via Improper URL Normalization on Windows

Vitest UI server on Windows fails to properly normalize file paths before security checks, allowing unauthenticated attackers to read arbitrary files via the `/__vitest_attachment__` endpoint when the server is network-exposed. This affects developers running Vitest in UI or Browser Mode on Windows systems.

CVE-2026-47429

2 June 2026vitest/vitest

criticalVulnerabilityActive

Privilege Escalation via Insufficient Authorization Check in Workspace Member Addition

PraisonAI Platform allows any workspace member to inject arbitrary users (including attacker-controlled accounts) as workspace owners by bypassing role-assignment authorization checks. This enables immediate privilege escalation and cross-tenant compromise within a workspace.

CVE-2026-47413

2 June 2026praisonai/praisonai-platform

highVulnerabilityActive

Meta's AI Support Bot Exploited to Bypass Instagram Account Security, High-Profile Accounts Compromised

Attackers discovered a method to manipulate Meta's AI support assistant into resetting Instagram account passwords without proper verification, leading to defacement of prominent accounts including those of the Obama White House and U.S. Space Force. Instructions circulated on Telegram, indicating active exploitation in the wild.

2 June 2026Meta Instagram, Meta AI Support Assistant

criticalVulnerabilityActive

Unauthenticated Admin Account Creation in WP Maps Pro Exposes Thousands of WordPress Installations

CVE-2026-8732 in WP Maps Pro allows unauthenticated attackers to create administrative accounts, granting complete control of affected WordPress sites. Active exploitation has been observed in the wild.

CVE-2026-8732

2 June 2026WP Maps Pro

mediumCampaignContained

Dashlane Brute-Force Attack Exposes Encrypted Vaults: 2FA Bypass Demonstrates Authentication Layer Risk

Dashlane disclosed a brute-force attack in May 2026 where threat actors bypassed 2FA on fewer than 20 personal subscription accounts and downloaded encrypted vaults. The incident highlights authentication vulnerabilities in password managers and raises questions about 2FA implementation robustness.

2 June 2026Dashlane Personal subscription plan

highPolicyActive

NVD Backlog Crisis Doubles in One Year: NIST's Vulnerability Database Losing Credibility

NIST's National Vulnerability Database has fallen critically behind in processing new vulnerabilities, with unprocessed items doubling from 13,000 to 27,000 between February 2024 and end of 2025, according to an inspector general report. This operational failure directly undermines the NVD's utility as the primary source of truth for vulnerability data across the security industry.

2 June 2026National Vulnerability Database (NVD), NIST, Security industry dependency on NVD

highCampaignActive

DriveSurge's Mass Website Hijacking Campaign Distributes ClickFix and FakeUpdate Malware

Threat actor DriveSurge has compromised thousands of websites to distribute ClickFix and FakeUpdate malware variants. The scale and persistence of this campaign indicates sophisticated compromised-site infrastructure being repurposed for high-volume malware distribution.

2 June 2026Third-party websites (thousands compromised), End users visiting compromised sites

informationalToolResolved

YARA-X 1.17.0 Maintenance Release: Performance Gains for Malware Detection Infrastructure

YARA-X, the modernised Rust implementation of the YARA malware detection language, reached version 1.17.0 with performance improvements and a single bugfix. This routine release reflects ongoing maintenance of a critical tool in the security analyst's arsenal.

1 June 2026YARA-X

highMalwareActive

Unknown threat actor distributes NetSupport RAT via secondary infection chain

A previously unidentified threat actor is distributing NetSupport RAT, a legitimate remote access tool repurposed for malicious purposes. This represents an active malware campaign using RAT tooling for post-compromise control.

1 June 2026NetSupport Manager

highMalwareResolved

17 Million-Device Botnet Dismantled by Dutch Authorities: Infrastructure Analysis and Takedown Mechanics

Dutch law enforcement and the NCSC successfully dismantled a botnet commanding at least 17 million infected devices across multiple platforms, with over 200 command-and-control servers operating from the Netherlands. This represents a significant disruption to a large-scale criminal infrastructure, though the source and purpose of the botnet remain unclear from available details.

1 June 2026computers, tablets, smartphones +1