Intelligence · Updated daily
AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.
Admidio's documents-files module fails to enforce DELETE authorization and CSRF protection, allowing unauthenticated users to permanently destroy document libraries when public access is enabled, or allowing authenticated read-only users to delete content they cannot modify.
Microsoft Exchange Online experienced a widespread outage blocking mailbox and calendar access for customers globally. This incident underscores the operational risks of cloud-based email dependencies and the cascading business impact when a single provider experiences infrastructure failures.
Companies House, the UK's official business registry, suffered a security flaw in its WebFiling service that exposed sensitive business information for approximately 4 months (October 2025 - present). The breach affected a government-critical infrastructure system handling registration data for all UK companies.
CISA confirmed that a Wing FTP Server vulnerability is being actively exploited in attacks against U.S. government agencies, with potential for chaining into remote code execution. This represents an immediate threat to federal infrastructure and requires urgent patching.
Stryker suffered a destructive cyberattack that remotely wiped tens of thousands of employee devices through compromised Microsoft cloud credentials, requiring no malware payload and leveraging legitimate administrative access to cloud infrastructure.
CISA added CVE-2025-47813, a medium-severity information disclosure flaw in Wing FTP Server, to its Known Exploited Vulnerabilities catalog due to evidence of active exploitation. The vulnerability leaks application installation paths under certain conditions, enabling reconnaissance for follow-on attacks.
Hackers accessed personal information including names, email addresses, and phone numbers from Loblaw, one of Canada's largest retailers. This exposure affects a potentially massive customer base and creates significant identity theft and phishing risks.
Google is implementing API restrictions in Android 17 to prevent non-accessibility apps from abusing the accessibility services API, a common malware technique for achieving privileged operations without proper permissions. This is a preventive security hardening measure rather than a response to active exploitation.
Betterleaks, a new open-source secrets scanner, offers an alternative to Gitleaks for identifying hardcoded credentials in code repositories and files. This reflects ongoing community demand for robust secret detection tooling in DevSecOps pipelines.
OpenAI is rolling out advertisements on ChatGPT's free and Plus tiers, initially limited to US users, with privacy policy updates creating confusion about global deployment timelines. This monetization shift introduces new attack surface for ad injection and data harvesting concerns.
A critical unauthenticated vulnerability in HPE AOS-CX switches allows remote attackers to reset admin credentials without any authentication, providing immediate device takeover capability. This impacts network infrastructure security across enterprise environments.
GlassWorm threat actors are exploiting extensionPack and extensionDependencies features in Open VSX to achieve transitive malware propagation across 72+ extensions, significantly improving attack efficiency and evading detection. This represents a watershed moment in IDE-based supply-chain attacks targeting developer environments.
China's CNCERT warned that OpenClaw's weak default security configurations enable prompt injection attacks and potential data exfiltration. This affects organizations deploying the self-hosted AI agent without hardening baseline security controls.
AppsFlyer's Web SDK was compromised and served malicious JavaScript designed to steal cryptocurrency from end-users. This supply-chain attack affected all downstream applications integrating the SDK until remediation.
Microsoft released an out-of-band hotpatch to remediate a remote code execution vulnerability in Routing and Remote Access Service (RRAS) affecting Windows 11 Enterprise devices. This emergency deployment indicates active exploitation risk and bypasses the standard monthly patch cycle.
Centrifugo performs JWT claim extraction and dynamic URL interpolation before cryptographic signature verification, allowing unauthenticated attackers to trigger SSRF requests to arbitrary destinations via crafted JWT claims.
Apollo Federation gateway fails to properly sanitize field aliases and variable names, allowing prototype pollution of Object.prototype. Successful exploitation persists across subsequent requests, potentially enabling privilege escalation and data integrity violations.
A logic flaw in OpenClaw's WebSocket authentication path allows shared-secret clients to self-declare elevated scopes (e.g., operator.admin) without server-side validation, enabling unauthorized admin operations. Defenders must patch immediately and audit existing shared-auth connections.
Organizations migrating from VMware to alternative hypervisors face elevated data security and recovery risks during transition periods. Verified backups and cross-platform recovery capabilities are critical to prevent data loss and maintain business continuity.
Microsoft is investigating widespread synchronization and connection failures in classic Outlook desktop client, affecting email delivery and user productivity across enterprise deployments.
Poland's National Centre for Nuclear Research (NCBJ) was targeted by cyberattackers who attempted to compromise its IT infrastructure, but intrusion detection systems successfully identified and blocked the attack before any material impact occurred. This incident underscores persistent adversarial interest in critical infrastructure sectors, particularly those with strategic national importance.
Eight malicious games on Steam were used to distribute malware to an unknown number of victims. The FBI is actively soliciting victim reports, indicating this represents a significant supply-chain compromise affecting a trusted distribution platform with millions of users.
Microsoft's February 2026 security updates introduced a regression affecting Samsung laptop users running Windows 11, rendering C: drives inaccessible and preventing application launches. This represents a critical post-patch quality assurance failure with widespread operational impact.
Parse Server's OAuth2 adapter uses a shared singleton instance across multiple providers, allowing concurrent authentication requests to cause token validation confusion where one provider's token may be validated against another provider's policy, potentially leading to unauthorized access.
Unauthenticated attackers can hijack user accounts by exploiting improper input validation in authentication data identifiers, converting exact-match lookups into pattern-matching queries. This affects all Parse Server deployments with anonymous authentication enabled by default.