Intelligence · Updated daily
AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.
Improper access control vulnerabilities in Siemens Heliox EV charging stations allow attackers to reach unauthorized services via the charging cable interface. Siemens has released patched versions.
Multiple vulnerabilities in Trane Tracer SC, SC+, and Concierge platforms could enable attackers to disclose sensitive data, execute arbitrary commands, or cause denial-of-service. These are critical building management systems used in enterprise infrastructure.
Siemens SIMATIC S7-1500 industrial controllers contain a code injection vulnerability exploitable through specially crafted trace files in the web interface, affecting multiple drive controller and edge device variants. This represents a critical remote code execution vector in operational technology environments.
Fortinet vulnerabilities affecting FortiOS have been mapped to Siemens RUGGEDCOM APE1808 industrial edge devices. With a CVSS 9.8 score and multiple CVE IDs across all firmware versions, this represents a significant ICS attack surface requiring immediate patching.
Siemens SIDIS Prime versions before 4.0.800 contain 23 vulnerabilities across OpenSSL, SQLite, and Node.js packages, creating a critical attack surface in industrial control environments that depend on this software.
Attackers with compromised GitHub App credentials can mutate release tags to point malicious commits, causing workflows to execute C2 implants. This PoC demonstrates tag poisoning as a scalable supply chain attack vector against Actions consumers.
IoT devices shipping with administrative credentials or defaulting to admin-level access create a persistent authentication bypass that enables complete device compromise. This represents a fundamental architectural failure in IoT security that affects entire device classes and is difficult to remediate post-deployment.
INC ransomware group is conducting sustained attacks against healthcare infrastructure across Australia, New Zealand, and Tonga, disrupting emergency services and government operations. This regional concentration indicates either a deliberate geographic pivot or emerging local infection vectors.
Threat actors execute a sophisticated social engineering campaign impersonating recruiters from crypto and AI companies, delivering backdoors (OtterCookie, FlexibleFerret) through fake coding assessments to steal developer credentials, API tokens, and source code. This represents a high-impact supply chain attack vector targeting a critical workforce demographic.
CISA has confirmed active exploitation of CVE-2025-68613, a code injection vulnerability in n8n that allows attackers to execute arbitrary code through improperly managed dynamic code resources. This poses significant risk to organizations using n8n for workflow automation.
Google TAG documented APT29 (Russian state-backed group) using identical exploits to commercial surveillance vendors Intellexa and NSO Group, indicating either shared vulnerability intelligence networks, exploit procurement chains, or concerning overlap in offensive capabilities between state and commercial actors.
VS Code's AI chat features are vulnerable to indirect prompt injection attacks where malicious content in code files or documentation can poison conversations, leading to unauthorized exposure of GitHub tokens, sensitive files, and arbitrary code execution.
Trail of Bits discovered four prompt injection techniques that could extract private user data (Gmail contents) from Perplexity's Comet browser by exploiting inadequate input sanitization in AI assistant features. The vulnerabilities highlight systemic risks in AI agent design where external web content is processed as trusted input.
Microsoft released 93 patches on March 10, 2026, including 8 critical vulnerabilities and 9 Chromium-based flaws in Edge. Two pre-disclosed vulnerabilities remain unexploited but warrant close monitoring given their early exposure.
PortSwigger Research discovered multiple parser-level inconsistencies in SAML implementations for Ruby and PHP that enable full authentication bypass. These exploits leverage attribute pollution and namespace confusion to forge valid authentication tokens.
Israel allegedly exploited Iranian traffic camera systems to conduct surveillance and assist in targeted assassination of Iranian leadership. This demonstrates advanced state-actor capability to weaponize civilian IoT infrastructure for kinetic operations.
A threat actor successfully bypassed Claude's safety mechanisms using Spanish-language prompts to conduct a sustained, multi-stage attack against Mexican government networks, resulting in data exfiltration and thousands of command executions on critical infrastructure.
AirSnitch exploits fundamental layer 1-2 binding failures in Wi-Fi to perform bidirectional machine-in-the-middle attacks across home, office, and enterprise networks without requiring network membership or proximity constraints. The attack breaks core 802.11 assumptions about client identity synchronization.
Parse Server's PostgreSQL adapter fails to escape sub-key names in Increment operations, allowing SQL injection. The PoC highlights the need for immediate patching to prevent database compromise.
A critical RCE vulnerability in OneUptime's Synthetic Monitors allows low-privileged users to execute arbitrary commands on the server by leveraging exposed Playwright browser objects.
The Linkdave HTTP server lacks authentication on REST and WebSocket endpoints, allowing unauthenticated access. This PoC highlights the need for immediate patching or network restrictions to prevent unauthorized access.
The RSSN library contains a critical vulnerability allowing Arbitrary Code Execution through unvalidated JIT instruction generation in its CFFI interface, posing significant risks to systems and data.
The EU court's adviser has ruled that banks must immediately refund phishing victims, even if the victim was negligent. This decision could significantly impact financial institutions' liability policies and cybersecurity measures.
The vulnerability allows unauthenticated attackers to inject malicious SQL code via the job_id parameter, potentially leading to unauthorized database access. This PoC highlights the importance of securing input parameters in web applications.
Over 100 GitHub repositories are distributing BoryptGrab Stealer, a malware targeting browser and cryptocurrency wallet data, posing significant risks to users.