Erlang/OTP SSH Server Vulnerability Scores Perfect CVSS 10.0
A critical vulnerability in the Erlang/OTP SSH library allows unauthenticated remote code execution with a perfect CVSS 10.0 score, affecting any application using the built-in SSH server.
Intelligence · Updated daily
AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.
The imageboard 4chan was breached and taken offline after attackers exploited an outdated PHP installation, leaking source code, moderator information, and internal tools.
Microsoft's April 2025 Patch Tuesday addresses a Windows Common Log File System zero-day being actively exploited by the RansomEXX ransomware group for privilege escalation.
Threat actors maintained persistent read-only access to Fortinet FortiGate devices through symlinks in the SSL-VPN language files, surviving firmware updates and patches applied by defenders.
A critical authentication bypass in CrushFTP allows unauthenticated attackers to access administrative functions through crafted HTTP requests, with exploitation already observed in the wild.
Four critical vulnerabilities in the Kubernetes ingress-nginx controller, collectively dubbed IngressNightmare, could allow unauthenticated attackers to take over Kubernetes clusters hosting 40% of cloud workloads.
A critical authorization bypass vulnerability in the Next.js framework allows attackers to skip middleware-based security checks by manipulating request headers, potentially affecting millions of web applications.
A critical remote code execution vulnerability in Apache Tomcat allows attackers to upload and execute arbitrary code via partial PUT requests, with active exploitation observed within 30 hours of disclosure.
A supply chain attack targeting the popular tj-actions/changed-files GitHub Action compromised CI/CD secrets across thousands of repositories by injecting malicious code that exfiltrated secrets to workflow logs.
FBI, CISA, and MS-ISAC warn that the Medusa ransomware-as-a-service operation has impacted over 300 organizations across critical infrastructure sectors since 2021.
Microsoft's March 2025 Patch Tuesday is one of the most critical in recent memory, fixing six actively exploited zero-day vulnerabilities across NTFS, the Win32 kernel subsystem, and Microsoft Management Console.
Three VMware zero-day vulnerabilities in ESXi, Workstation, and Fusion are being actively exploited, enabling attackers to escape virtual machines and compromise hypervisors.
French telecommunications giant Orange confirmed a data breach after a threat actor leaked thousands of internal documents, source code, and customer records from the company's Romanian branch.
Cryptocurrency exchange Bybit lost approximately $1.5 billion in Ethereum from a cold wallet, in what is believed to be the largest cryptocurrency theft in history, attributed to North Korean state-sponsored hackers.
A joint advisory warns that the Ghost (Cring) ransomware group, operating from China, has compromised organizations across 70 countries by exploiting known vulnerabilities in internet-facing services.
A SQL injection zero-day in PostgreSQL's interactive tool was exploited alongside the BeyondTrust Remote Support zero-day to compromise US Treasury Department systems.
A critical authentication bypass in Palo Alto Networks PAN-OS management interface is being chained with other vulnerabilities to achieve remote code execution on firewalls.
Microsoft's February 2025 Patch Tuesday addresses over 55 vulnerabilities including multiple zero-days under active exploitation in Windows, with critical flaws in NTLMv2 and LDAP.
Google's February Android security update patches an actively exploited Linux kernel USB-video class vulnerability that enabled privilege escalation on Android devices.
Cisco has released patches for multiple critical vulnerabilities in Identity Services Engine that could allow authenticated attackers to execute arbitrary commands as root.
Threat actors are actively exploiting command injection vulnerabilities in Zyxel CPE series devices, with no patches available from the vendor for affected end-of-life products.
Critical vulnerabilities in SimpleHelp remote monitoring and management software are being exploited by threat actors to gain unauthorized access to managed client networks.
The rapid rise of Chinese AI lab DeepSeek's open-source models has sparked significant security and data privacy concerns, with researchers identifying exposed databases and questionable data handling practices.
Apple released emergency security updates to fix a zero-day vulnerability in the CoreMedia framework that was being actively exploited against devices running older iOS versions.
CISA and FBI publish joint guidance urging software manufacturers to adopt memory-safe programming languages and practices to eliminate buffer overflow vulnerabilities at their source.