Intelligence · Updated daily

Security Intelligence

AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.

medium · Campaign · Resolved

Aggregated Security Digest: Multiple Vectors from Cloud Gaming Breaches to Legislative Pressure

SecurityWeek reports on multiple concurrent security issues including an Nvidia cloud gaming data breach, Canvas LMS compromise by ShinyHunters following FBI warning, Android 17 hardening, and automotive/enterprise vulnerabilities. The clustering suggests defenders face distributed pressure across consumer, educational, and enterprise sectors.

Nvidia, Canvas LMS, Android +2
high · Vulnerability · Resolved

Pixel 10 0-click exploit chain demonstrates persistent Android attack surface despite mitigations

Google Project Zero published a 0-click exploit chain for Pixel 10 leveraging CVE-2025-54957 (Dolby vulnerability) and bypassing RET PAC mitigations. The attack requires only two exploits to achieve root access from a zero-interaction context, indicating modern Android devices remain vulnerable despite security hardening.

CVE-2025-54957
Google Pixel 10, Google Pixel 9, Android platform (historical)
high · Campaign · Resolved

Chinese-linked FamousSparrow expands targeting to Azerbaijani energy sector via Microsoft Exchange exploitation

A Chinese-affiliated threat actor designated FamousSparrow conducted a multi-wave intrusion against an Azerbaijani oil and gas company between December 2025 and February 2026, exploiting Microsoft Exchange vulnerabilities as an initial access vector. This represents a notable shift in the group's targeting geography and suggests persistent interest in critical infrastructure.

Microsoft Exchange, Azerbaijani oil and gas sector
critical · Vulnerability · Resolved

Exim BDAT use-after-free in GnuTLS builds creates RCE window for mail infrastructure

CVE-2026-45185 is a use-after-free vulnerability in Exim's BDAT command handling that affects GnuTLS-compiled builds, enabling memory corruption and potential code execution on mail servers. Given Exim's deployment across internet-facing mail infrastructure, this poses significant risk to email delivery chains.

CVE-2026-45185
Exim MTA (GnuTLS builds), Mail infrastructure running affected configurations