Intelligence · Updated daily

Security Intelligence

AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.

RSS feedCVE index403 entries

Vulnerabilities Malware Campaigns Supply Chain Policy Tools

Page 7 of 17

151–175 of 403

highCampaignActive

Russian Intelligence Phishing Campaign Targets CMA User Accounts - Encryption Circumvention Through Social Engineering

Russian intelligence services are conducting widespread phishing campaigns targeting commercial messaging application accounts of U.S. government officials, military personnel, and journalists. Attackers have successfully compromised thousands of individual accounts to access messages and contact lists, demonstrating a shift from targeting application encryption to exploiting user-level account security.

21 March 2026Commercial Messaging Applications (generic - specific vendors not named in excerpt), Current and former U.S. government officials, U.S. military personnel +2

criticalVulnerabilityActive

JWT Algorithm Confusion in MinIO OIDC Authentication - Defensive Analysis

MinIO's OIDC implementation contains a JWT algorithm confusion vulnerability allowing attackers who possess the ClientSecret to forge identity tokens and obtain admin-level S3 credentials. This PoC demonstrates a deterministic, high-impact attack path requiring only knowledge of a shared credential.

CVE-2026-33322

20 March 2026MinIO/minio (RELEASE.2022-11-08T05-27-07Z through final OSS release)

criticalVulnerabilityActive

AVideo Unauthenticated SSRF via webSiteRootURL Parameter – Standalone Deployment Risk

Unauthenticated SSRF in AVideo's standalone DVR saver allows attackers to forge server-side requests to arbitrary URLs, potentially chaining to authentication bypass and internal network reconnaissance. The PoC demonstrates complete lack of input validation in a publicly accessible endpoint.

CVE-2026-33351

20 March 2026AVideo/AVideo (Live plugin – standalone mode)

criticalVulnerabilityEmerging

Critical Authentication Bypass in IGL-Technologies eParking.fi Threatens EV Charging Infrastructure

All versions of IGL-Technologies eParking.fi contain critical authentication and access control vulnerabilities (CVSS 9.4) that could allow attackers to gain unauthorized administrative control over EV charging stations or launch denial-of-service attacks against charging services.

20 March 2026IGL-Technologies eParking.fi (all versions)

highVulnerabilityEmerging

Mitsubishi Electric CNC Remote DoS via Out-of-Bounds Read Affects Multiple Industrial Control Series

A remote out-of-bounds read vulnerability in Mitsubishi Electric CNC Series controllers enables denial-of-service attacks. This affects critical industrial manufacturing infrastructure across multiple product lines with varying patch states.

20 March 2026Mitsubishi Electric M800VW, Mitsubishi Electric M800VS, Mitsubishi Electric M80V +11

criticalVulnerabilityEmerging

Critical RCE in Schneider Electric EcoStruxure Automation Expert - Engineering Workstation Compromise Risk

Schneider Electric EcoStruxure Automation Expert versions ≤25.0.1 contain a vulnerability enabling arbitrary command execution on engineering workstations. This threatens the integrity of critical industrial control systems across discrete, hybrid, and continuous manufacturing processes.

20 March 2026Schneider Electric EcoStruxure Automation Expert versions <25.0.1 and 25.0.1

criticalVulnerabilityEmerging

WebCTRL Premium Server Cryptographic and Authentication Failures Enable Network Eavesdropping and Spoofing

Automated Logic WebCTRL Premium Server contains multiple critical vulnerabilities including cleartext transmission, authentication bypass via spoofing, and port binding issues that allow attackers to intercept, read, and modify communications in building automation systems.

20 March 2026Automated Logic WebCTRL Premium Server

highVulnerabilityActive

Critical XSS and DoS Vulnerabilities in Schneider Electric Modicon Industrial Controllers Expose OT Environments

Schneider Electric Modicon Controllers (M241, M251, M258, M262, LMC058) contain XSS/open redirect and denial-of-service vulnerabilities affecting web interfaces. Exploitation could lead to account takeover, browser-based code execution, or operational disruption in industrial environments.

20 March 2026Schneider Electric Modicon M241 (versions < 5.4.13.12), Schneider Electric Modicon M251 (versions < 5.4.13.12), Schneider Electric Modicon M258 (all firmware versions) +2

highVulnerabilityActive

HTTP Header Leakage During Redirect Following in HAPI FHIR

HAPI FHIR's HTTP client transmits authentication headers and sensitive data to redirect destinations without validation, enabling credential theft and cross-host impersonation attacks. Defenders must identify and patch affected deployments immediately.

CVE-2026-33180

19 March 2026HAPI FHIR < 6.8.3

criticalVulnerabilityActive

gRPC-Go Authorization Bypass via Non-Canonical :path Header Validation

gRPC-Go servers fail to canonicalize HTTP/2 :path pseudo-headers before authorization checks, allowing attackers to bypass path-based access control policies by omitting the leading slash in requests.

CVE-2026-33186

19 March 2026google.golang.org/grpc, google.golang.org/grpc/authz

criticalVulnerabilityActive

Path Traversal in Tekton Pipelines Git Resolver - Arbitrary File Read via Parameter Injection

The Tekton git resolver fails to sanitize the `pathInRepo` parameter, allowing namespace-scoped tenants to read arbitrary files from the resolver pod filesystem via path traversal sequences. This enables credential exfiltration including ServiceAccount tokens.

CVE-2026-33211

19 March 2026Tekton/Tekton-Pipelines

criticalVulnerabilityActive

ScreenConnect Authentication Bypass via Cryptographic Signature Verification Flaw

ConnectWise patched a cryptographic signature verification vulnerability in ScreenConnect that allows attackers to bypass authentication and hijack remote access sessions. This is a critical supply-chain risk affecting thousands of managed service providers and their downstream customers.

19 March 2026ConnectWise ScreenConnect

highVulnerabilityActive

Active Zimbra XSS Exploitation Triggers Federal Patch Mandate - Government Email Infrastructure at Risk

CISA issued a binding directive for U.S. federal agencies to patch an actively exploited XSS vulnerability in Zimbra Collaboration Suite, indicating threat actors are leveraging email infrastructure compromises for potential lateral movement and data theft.

19 March 2026Zimbra Collaboration Suite (ZCS)

highPolicyContained

Identity Protection Provider Aura Exposes 900K Contacts - Ironic Security Failure

Aura, an identity protection company, suffered a data breach exposing ~900,000 marketing contact records (names, emails). The breach is particularly damaging given Aura's core business is protecting customers from identity theft and data exposure.

19 March 2026Aura (identity protection company), ~900,000 marketing contacts

criticalCampaignActive

Endpoint Management Systems Under Active Exploitation - Microsoft Intune Environment Compromise at Stryker

CISA confirmed March 2026 cyberattack against Stryker Corporation exploiting endpoint management system misconfigurations in Microsoft environments. This represents active adversary targeting of legitimate administration tools to achieve organizational compromise.

19 March 2026Microsoft Intune, Stryker Corporation, US Medical Technology Sector

highVulnerabilityActive

CISA Catalog Updates Highlight Dual Enterprise Threats: Zimbra XSS and SharePoint Deserialization

CISA added two known-exploited vulnerabilities to its KEV catalog: a Zimbra Collaboration Suite XSS flaw and a Microsoft SharePoint deserialization vulnerability. Both are under active exploitation and carry significant risk to federal and enterprise environments.

CVE-2025-66376CVE-2026-20963

19 March 2026Synacor Zimbra Collaboration Suite (ZCS), Microsoft SharePoint

highVulnerabilityActive

SiYuan SanitizeSVG Bypass via XML MIME Type Omission – Incomplete CVE-2026-29183 Fix

SiYuan's SVG sanitizer blocks data:text/html and data:image/svg+xml but misses data:text/xml and data:application/xml, allowing unauthenticated XSS via the /api/icon/getDynamicIcon endpoint. The fix for CVE-2026-29183 was incomplete, leaving equivalent bypass vectors.

CVE-2026-29183

18 March 2026SiYuan/v3.6.0

highVulnerabilityActive

jsPDF HTML Injection via Unsafe Options Serialization in New Window Output

jsPDF versions before 4.2.1 fail to sanitize user-controlled options passed to window-opening output methods, allowing attackers to inject arbitrary HTML and JavaScript into the PDF viewer context. This enables XSS attacks when applications pass unsanitized user input to these functions.

CVE-2026-31938

18 March 2026jspdf/jsPDF (<4.2.1)

highVulnerabilityActive

Apple Introduces Background Security Improvements model to patch WebKit vulnerability without full OS update

Apple released a new Background Security Improvements update addressing WebKit CVE-2026-20643 across iOS, iPadOS, and macOS without requiring full operating system upgrades. This represents a significant shift in Apple's patching strategy, enabling faster security remediation for critical browser engine vulnerabilities.

CVE-2026-20643

18 March 2026Apple iPhone, Apple iPad, Apple Mac

criticalVulnerabilityActive

CODESYS Runtime Vulnerability in Festo Automation Suite Enables Unauthenticated Code Execution

A vulnerability in CODESYS runtime components bundled with Festo Automation Suite prior to v2.8.0.138 allows unauthenticated remote attackers to execute arbitrary code on industrial automation systems. This affects a widely-used ICS development platform with significant operational technology footprint.

18 March 2026Festo Automation Suite (versions < 2.8.0.138), CODESYS Development System 3.0, CODESYS Development System 3.5.16.10

criticalVulnerabilityActive

Schneider Electric SCADAPack RTU Authentication Bypass Exposes Critical ICS Infrastructure

Schneider Electric SCADAPack x70 RTUs and RemoteConnect products contain an authentication or access control vulnerability affecting firmware versions prior to 9.12.2, potentially allowing unauthorized remote access to critical industrial control systems with downstream impacts on device integrity and availability.

18 March 2026Schneider Electric SCADAPack 47xi, Schneider Electric SCADAPack 47x, Schneider Electric SCADAPack 57x +1

highVulnerabilityEmerging

Schneider Electric DCE Hard-Coded Credentials Enable Authenticated RCE in Critical Infrastructure Monitoring

Schneider Electric's EcoStruxure Data Center Expert contains hard-coded credentials that, combined with an optional SOCKS proxy feature, allow authenticated attackers to compromise the monitoring platform. This threatens visibility and control of critical data center infrastructure.

18 March 2026Schneider Electric EcoStruxure IT Data Center Expert ≤9.0, Schneider Electric EcoStruxure IT Data Center Expert 9.1

highVulnerabilityActive

Siemens SICAM SIAPP SDK Misuse Vulnerabilities Enable Data Corruption and DoS in Industrial Control Applications

Siemens SICAM SIAPP SDK versions below 2.1.7 contain multiple vulnerabilities exploitable through improper API usage or missing hardening, risking denial of service, data corruption, and simulation environment compromise in customer-developed SIAPP applications.

18 March 2026Siemens SICAM SIAPP SDK <2.1.7

criticalVulnerabilityActive

Privilege Escalation via Unsafe Default Permission Application in User Signup

Unauthenticated users can register as administrators when self-signup is enabled and default permissions include admin privileges. The signup handler blindly applies all defaults without stripping elevated permissions.

CVE-2026-32760

17 March 2026File-Browser

criticalVulnerabilityActive

SiYuan Authorization Bypass: Unauthenticated SQL Execution via Inconsistent Middleware Chain

The `/api/search/fullTextSearchBlock` endpoint in SiYuan v3.6.0 bypasses role-based access controls present on other SQL endpoints, allowing any authenticated user (including read-only roles) to execute arbitrary SQL. This PoC proves the middleware chain inconsistency is exploitable in production deployments.

CVE-2026-32767

17 March 2026SiYuan/SiYuan (<= 3.6.0)