Intelligence · Updated daily
AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.
Microsoft released fixes for 137 vulnerabilities spanning Azure, Windows, Dynamics 365, and Jira/Confluence SSO integrations. The breadth of affected platforms suggests defenders face a complex patching prioritisation challenge across multiple attack surfaces.
CVE-2026-45185 is a use-after-free vulnerability in Exim's BDAT command handling that affects GnuTLS-compiled builds, enabling memory corruption and potential code execution on mail servers. Given Exim's deployment across internet-facing mail infrastructure, this poses significant risk to email delivery chains.
Foxconn confirmed a cyberattack affecting multiple North American manufacturing facilities across six US states and Mexico, but has withheld specifics on scope and impact. The incident threatens critical supply chains for consumer electronics and automotive components.
The U.S. House Committee on Homeland Security has demanded testimony from Instructure executives regarding two separate cyberattacks by the ShinyHunters extortion group against Canvas, which exposed student data and disrupted educational institutions during critical exam periods.
Attackers exploited a pull_request_target misconfiguration combined with GitHub Actions cache poisoning and in-memory OIDC token extraction to publish 84 malicious npm package versions under a trusted publisher identity, delivering credential-harvesting malware at install time.
Google Threat Intelligence Group reports that adversaries have progressed from experimental AI use to industrial-scale deployment of generative models for vulnerability exploitation, reconnaissance, and initial access. This represents a qualitative shift in threat capability and operational maturity.
Frame Security, a security awareness and training platform, has emerged from stealth with $50M in funding from prominent venture firms. This reflects sustained investor interest in addressing human-centric security risks rather than purely technical vulnerabilities.
Threat actor TeamPCP compromised the Checkmarx Jenkins AST plugin on the Jenkins Marketplace, following their earlier attack on Checkmarx's KICS tool. Affected users must immediately downgrade to version 2.0.13-829.vc72453fa_1c16 or earlier to avoid potential system compromise.
Texas is suing Netflix for alleged unauthorised data collection and sharing practices, characterising the conduct as 'surveillance machinery'. The suit also seeks to restrict autoplay defaults on children's accounts, signalling regulatory focus on data practices and child safety.
General Motors agreed to a $12.75 million settlement with California over alleged CCPA violations stemming from the sale of driver data without proper consent. The case highlights how automotive manufacturers are monetising connected vehicle data as a revenue stream while often failing to obtain explicit consumer permission.
German police shut down a relaunched version of the Crimenetwork darknet marketplace and arrested its administrator. The operation demonstrates sustained law enforcement capability against criminal infrastructure despite repeated takedown and relaunch cycles.
YARA-X, the Rust-based malware analysis pattern matching engine, released version 1.16.0 with 4 improvements and 4 bug fixes. This is routine maintenance with no security implications identified.
A years-long phishing campaign has compromised over 500 organisations across aviation, energy, infrastructure, logistics, public administration, and technology sectors. The extended campaign duration and cross-sector targeting suggest either a sophisticated threat actor or multiple coordinated groups with sustained operational capability.
CVE-2026-7482, a critical out-of-bounds read flaw in Ollama, permits unauthenticated remote attackers to extract entire process memory from affected instances. With an estimated 300,000+ servers exposed globally, this represents immediate risk to organisations running unpatched deployments.
Attackers are running a malvertising campaign using Google Ads and Claude.ai shared chats to redirect users searching for Claude downloads to malware installers. The campaign exploits search engine placement and trusted service reputation to compromise macOS systems.
free5GC's NEF service exposes the nnef-pfdmanagement API without OAuth2 validation, allowing unauthenticated attackers to read sensitive PFD application data and manipulate subscriptions. This PoC confirms a deployment-wide authentication bypass in production-declared routes.
Snipe-IT versions ≤8.4.0 suffer from an authorization bypass in the file upload API endpoint that allows authenticated users with only 'view' permissions to upload arbitrary files, leading to remote code execution. Defenders must immediately patch or restrict API access.
Cybercriminals breached Canvas, a learning management system serving 9,000 educational institutions, and defaced login pages with ransom demands whilst threatening to leak records for 275 million students and faculty. The attack represents a supply-chain compromise of education infrastructure affecting operational continuity at scale.
SecurityWeek reports on three concurrent threat developments: a train system attacker's arrest, PamDOORa Linux backdoor discovery, and novel mobile malware abusing Windows Phone Link for OTP theft, alongside policy moves on patch cycle acceleration and espionage targeting drone manufacturers.
cPanel has released patches for three vulnerabilities including insufficient input validation in feature file handling and unspecified code execution issues. These affect a critical infrastructure component used by hosting providers and require immediate patching.
General Motors agreed to pay $12 million to California, marking the largest CCPA fine in over five years, for alleged privacy violations involving driver data. This settlement demonstrates regulatory willingness to impose substantial penalties on automotive manufacturers for data handling practices.
Attackers compromised the JDownloader website and replaced legitimate installers with malicious builds containing a Python-based remote access trojan, affecting both Windows and Linux users downloading from the official source.
A critical vulnerability in vm2 allows attackers to mutate host prototypes, enabling sandbox escapes. The PoC highlights the risk of untrusted code accessing and modifying core JavaScript objects.
The `module` builtin in NodeVM allows bypassing the built-in allowlist, enabling sandbox escape and remote code execution.
A critical sandbox escape vulnerability in vm2 allows attackers to execute arbitrary code directly on the host system, potentially compromising any Node.js application using vm2 for code isolation.