Intelligence · Updated daily
AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.
A authentication bypass vulnerability in WP Maps Pro allows unauthenticated attackers to create administrative accounts on WordPress sites. Active exploitation is reported in the wild.
YAMCS yamcs-core 5.12.7 contains a user enumeration vulnerability allowing attackers to discover valid usernames through differential authentication responses. This information disclosure facilitates targeted account compromise and social engineering attacks.
YAMCS yamcs-core 5.12.7 lacks rate limiting controls on endpoints, enabling attackers to conduct brute-force attacks against authentication mechanisms and launch denial-of-service attacks. Defenders must implement protective controls at application and network layers.
A local privilege escalation flaw in the Linux kernel's CIFS implementation allows attackers to forge authentication key descriptions and exploit the kernel's key request mechanism to gain root access. The vulnerability affects multiple Linux distributions.
Coordinated attacks targeted Polish water treatment facilities, while Google has identified what appears to be the first AI-generated zero-day exploit. These incidents signal a shift toward both critical infrastructure targeting and AI-assisted vulnerability development.
Russian state intelligence is intensifying efforts to acquire restricted Western technology through front companies, procurement intermediaries, and cyber operations to circumvent sanctions and support strategic infrastructure capabilities. This represents a coordinated supply-chain espionage campaign rather than isolated incidents.
GREYVIBE, a previously unknown Russian-speaking threat actor, has been conducting persistent cyberattacks against Ukraine and Ukraine-related entities since August 2025, reportedly incorporating AI-powered capabilities. The campaign aligns with Kremlin state interests and represents a notable escalation in sophistication.
CVE-2026-0257, a medium-severity authentication bypass in Palo Alto Networks PAN-OS and Prisma Access GlobalProtect, is now under active exploitation in the wild. Attackers are using it to establish unauthorised VPN connections and breach corporate networks.
PraisonAI Platform exposes a chain of authorization bypasses allowing any authenticated user to read/modify/delete cross-tenant resources and escalate their own privileges to admin or owner, enabling complete workspace takeover with only open registration.
PraisonAI Platform defaults to a publicly-known JWT signing secret when environment variables are not explicitly configured, allowing attackers to forge authentication tokens and impersonate any user including admins. This vulnerability is trivially exploitable in any default deployment.
Any workspace member can unilaterally promote themselves or others to owner role via an unauthenticated authorization check in the PATCH /workspaces/{id}/members/{user_id} endpoint. This is a complete privilege escalation requiring only workspace membership and a single HTTP request.
ESET Research has published their quarterly APT activity analysis covering Q4 2025 through Q1 2026, documenting the operational patterns, targets, and tactics of selected advanced persistent threat groups. This comprehensive threat intelligence helps organisations understand the current threat landscape and adversary priorities.
SecurityWeek reports three concurrent security incidents: Trump Mobile customer data exposure, phishing attacks targeting FIFA World Cup 2026 attendees and stakeholders, and a supply chain attack wave that triggered official CISA intervention. Each represents a distinct threat pattern requiring different defensive responses.
Permiso Security disclosed a vulnerability in ChatGPT's web summary renderer that trusts Markdown links and images, allowing attackers to inject prompts and construct phishing attacks against users relying on the feature.
A researcher has published working proof-of-concept exploits for multiple Microsoft zero-day vulnerabilities on GitHub, prompting Microsoft to publicly dispute the justification for full disclosure. This escalates the ongoing tension between security researchers and vendors over responsible disclosure timelines.
Threat actors are abusing ChatGPT's legitimate content-sharing feature to host convincing fake OpenAI outage pages that redirect users to download malware masquerading as the official ChatGPT desktop client. This exploits user trust in OpenAI's infrastructure and takes advantage of the feature's legitimacy to bypass security filters.
Cisco Talos advocates moving beyond CVSS scoring for patch prioritisation, recommending EPSS (Exploit Prediction Scoring System) and GCVE (Google Chromium Vulnerability Evaluation) to focus remediation efforts on threats with genuine exploitation risk rather than severity alone.
Russia-linked threat actor GreyVibe is using generative AI tools like ChatGPT and Gemini to accelerate attack development and execution. This represents an operational shift toward AI-assisted scaling that defenders should anticipate becoming standard practice across sophisticated threat groups.
A critical remote code execution vulnerability in Gogs (CVSS 9.4) permits any authenticated user to execute arbitrary code on self-hosted Git service instances. This significantly lowers the barrier to exploitation since attackers only need valid credentials rather than unauthenticated access.
A Canadian offender received a 33-year sentence for years of child sexual exploitation material (CSEM) production via social media impersonation. The case exemplifies ongoing vulnerabilities in platform moderation and law enforcement's capacity to disrupt predatory networks at scale.
Anthropic has postponed releasing Mythos-class Claude models to the public following identification of security risks to both public and private software systems. The delay reflects growing tension between deploying advanced AI capabilities and managing their potential misuse.
Cisco Talos discovered four heap-based buffer overflow vulnerabilities in MediaArea's MediaInfoLib, a widely-used media metadata extraction library embedded in numerous applications. Exploitation could lead to remote code execution when processing malicious media files.
UK's cyberspying chief has characterised AI as an unstoppable force whilst warning of escalating Russian hostile activity in the grey zone below conventional warfare. The assessment reflects intelligence community concerns that AI amplifies state-sponsored cyber threat capabilities.
Two coordinated banking trojan campaigns deliver Grandoreiro malware to Windows systems and BTMOB RAT to Android devices across Spain, Portugal, Mexico, and Brazil. The targeting of financial institutions and mobile users suggests organised cybercriminal activity with cross-platform capabilities.
A Romanian national was sentenced to over 4 years after hacking Oregon's Office of Emergency Management systems. The case demonstrates both the vulnerability of state critical infrastructure and the increasing willingness of US authorities to pursue international extradition for cyber offences.