Intelligence · Updated daily
AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.
A critical remote code execution vulnerability in Apache Tomcat allows attackers to upload and execute arbitrary code via partial PUT requests, with active exploitation observed within 30 hours of disclosure.
A supply chain attack targeting the popular tj-actions/changed-files GitHub Action compromised CI/CD secrets across thousands of repositories by injecting malicious code that exfiltrated secrets to workflow logs.
FBI, CISA, and MS-ISAC warn that the Medusa ransomware-as-a-service operation has impacted over 300 organizations across critical infrastructure sectors since 2021.
Microsoft's March 2025 Patch Tuesday is one of the most critical in recent memory, fixing six actively exploited zero-day vulnerabilities across NTFS, the Win32 kernel subsystem, and Microsoft Management Console.
Three VMware zero-day vulnerabilities in ESXi, Workstation, and Fusion are being actively exploited, enabling attackers to escape virtual machines and compromise hypervisors.
French telecommunications giant Orange confirmed a data breach after a threat actor leaked thousands of internal documents, source code, and customer records from the company's Romanian branch.
Cryptocurrency exchange Bybit lost approximately $1.5 billion in Ethereum from a cold wallet, in what is believed to be the largest cryptocurrency theft in history, attributed to North Korean state-sponsored hackers.
A joint advisory warns that the Ghost (Cring) ransomware group, operating from China, has compromised organizations across 70 countries by exploiting known vulnerabilities in internet-facing services.
A SQL injection zero-day in PostgreSQL's interactive tool was exploited alongside the BeyondTrust Remote Support zero-day to compromise US Treasury Department systems.
A critical authentication bypass in Palo Alto Networks PAN-OS management interface is being chained with other vulnerabilities to achieve remote code execution on firewalls.
Microsoft's February 2025 Patch Tuesday addresses over 55 vulnerabilities including multiple zero-days under active exploitation in Windows, with critical flaws in NTLMv2 and LDAP.
Google's February Android security update patches an actively exploited Linux kernel USB-video class vulnerability that enabled privilege escalation on Android devices.
Cisco has released patches for multiple critical vulnerabilities in Identity Services Engine that could allow authenticated attackers to execute arbitrary commands as root.
Threat actors are actively exploiting command injection vulnerabilities in Zyxel CPE series devices, with no patches available from the vendor for affected end-of-life products.
Critical vulnerabilities in SimpleHelp remote monitoring and management software are being exploited by threat actors to gain unauthorized access to managed client networks.
The rapid rise of Chinese AI lab DeepSeek's open-source models has sparked significant security and data privacy concerns, with researchers identifying exposed databases and questionable data handling practices.
Apple released emergency security updates to fix a zero-day vulnerability in the CoreMedia framework that was being actively exploited against devices running older iOS versions.
CISA and FBI publish joint guidance urging software manufacturers to adopt memory-safe programming languages and practices to eliminate buffer overflow vulnerabilities at their source.
A Mirai botnet variant is actively scanning for and compromising Juniper SSR routers that still use factory-default credentials, incorporating them into DDoS infrastructure.
CISA has issued an emergency directive ordering federal agencies to mitigate Ivanti Connect Secure vulnerabilities amid widespread exploitation by nation-state actors.
Education technology giant PowerSchool suffered a major data breach exposing personal information of students and staff across numerous K-12 school districts in North America.
Microsoft's January 2025 Patch Tuesday addresses 159 vulnerabilities including eight zero-days, three of which are under active exploitation in Windows Hyper-V and Windows components.
A critical authentication bypass in FortiOS and FortiProxy is being actively exploited, allowing remote attackers to gain super-admin privileges on affected firewalls.
Multiple critical vulnerabilities in Moxa industrial networking devices could allow attackers to gain root access to OT and ICS infrastructure.
A critical zero-day vulnerability in Ivanti Connect Secure VPN appliances is being actively exploited by threat actors to gain unauthenticated remote code execution.