Intelligence · Updated daily

Security Intelligence

AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.

high · Campaign · Contained

Interpol-led takedown disrupts Middle East scam infrastructure; 200+ arrests and hundreds of compromised devices recovered

Interpol-coordinated law enforcement operations arrested over 200 individuals operating cybercriminal scam networks across the Middle East and recovered hundreds of compromised devices used in the scheme. This represents a significant disruption to a regional fraud operation, though the technical sophistication and scale suggest similar networks remain active.

Hundreds of end-user devices (specific platforms not disclosed)

critical · Vulnerability · Resolved

Multi-vendor RCE patch wave signals coordinated disclosure cycle with Ivanti Xtraction critical flaw leading

Ivanti, Fortinet, SAP, VMware, and n8n have released patches for multiple remote code execution and privilege escalation vulnerabilities, with Ivanti Xtraction's CVE-2026-8043 (CVSS 9.6) enabling arbitrary code execution through external file name control. This coordinated patch release suggests these flaws were likely discovered through vulnerability coordination channels.

CVE-2026-8043
Ivanti Xtraction, Fortinet, SAP +2

critical · Vulnerability · Resolved

MiniPlasma 0-Day Exposes Systemic Patching Failure in Windows Cloud Files Driver

Researcher Chaotic Eclipse has released a working exploit for MiniPlasma, a Windows privilege escalation zero-day in the Cloud Files Mini Filter Driver (cldflt.sys) that grants SYSTEM access on fully patched systems. This represents a complete bypass of Windows security controls and poses immediate risk to all affected Windows installations.

Microsoft Windows, Windows Cloud Files Mini Filter Driver (cldflt.sys)

high · Vulnerability · Resolved

Microsoft's Silent Azure Backup Fix Raises Questions on Vulnerability Disclosure Transparency

A security researcher claims Microsoft quietly patched an Azure Backup for AKS vulnerability without issuing a CVE or acknowledging the original report, whilst Microsoft contests the characterisation and denies making product changes. The dispute highlights tensions in coordinated disclosure practices and raises concerns about undisclosed fixes in cloud infrastructure.

Microsoft Azure Backup for AKS

critical · Campaign · Resolved

UNC6671's BlackFile Campaign: Vishing and AiTM as a Vector to Cloud Extortion at Scale

UNC6671 operates BlackFile, an extortion campaign using sophisticated vishing and adversary-in-the-middle techniques to bypass MFA and compromise Microsoft 365 and Okta environments, exfiltrating corporate data for extortion. The attack chain circumvents traditional perimeter defences by targeting human authentication vectors rather than technical infrastructure.

Microsoft 365, Okta, Cloud environments