Intelligence · Updated daily
AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.
PraisonAI's token validation function returns True for any unrecognized token when the internal token store is empty (default state), allowing unauthenticated access to all MCP tools including agent execution and file operations. This bypasses intended OAuth authentication entirely.
Juju controllers (3.2.0+) fail to validate TLS client certificates on Dqlite cluster endpoints, allowing unauthenticated attackers with network access to join the cluster, read/modify all data, and escalate privileges. The PoC demonstrates practical network-level exploitation without credentials.
EvilTokens is a commercialised malicious service that automates Microsoft device code phishing attacks, enabling attackers to steal authentication tokens and compromise corporate accounts at scale without requiring passwords.
Attackers are exploiting an unpatched zero-day in TrueConf conference servers to inject malicious updates that propagate to all connected client endpoints, turning legitimate software distribution channels into attack vectors.
Apple is expanding iOS 18 security updates across a wider range of iPhone models to address the actively exploited DarkSword exploit kit. This indicates an ongoing threat with sufficient prevalence to warrant rapid, broad patching.
CrystalRAT is a new malware-as-a-service offering combining remote access, data theft, keylogging, and clipboard hijacking, distributed via Telegram. The bundling of multiple attack capabilities into a single commodity service lowers the barrier to entry for financially motivated threat actors.
CISA added CVE-2026-5281, a zero-day use-after-free in Google Chrome's Dawn WebGPU implementation, to its Known Exploited Vulnerabilities Catalog after evidence of active exploitation. This represents an emerging attack vector targeting GPU rendering pipelines rather than traditional browser exploits.
OpenClaw loads `.env` files from the current working directory before applying trusted state-dir configuration, allowing attackers to inject malicious environment variables through repository-committed or workspace files. This bypasses intended host environment isolation policies and enables configuration/security setting override.
Unsanitized user input in Methods Management functionality results in stored XSS payloads that execute globally across all pages where the malicious method appears in navigation menus, enabling account takeover and privilege escalation.
Unsanitized input in group/role management fields allows stored XSS execution in administrative contexts, enabling full account takeover and application compromise. This PoC demonstrates a complete authentication bypass pathway for defenders to understand systemic input validation failures.
Google is rolling out the ability for U.S. users to change their primary @gmail.com address or create aliases, improving account flexibility but introducing new vectors for account compromise, impersonation, and social engineering attacks.
Anthropic accidentally published Claude Code's closed-source implementation to NPM, exposing proprietary code but not customer data or authentication credentials. The leak represents a supply-chain accident rather than an exploitable vulnerability, though source code disclosure carries competitive and reverse-engineering risks.
Microsoft issued an emergency hotfix (KB5086672) to resolve widespread installation failures from a March 2026 preview update that was already pulled. The incident highlights systemic issues in Microsoft's preview testing and release validation processes.
PX4 Autopilot v1.16.0 contains an authentication bypass in the MAVLink interface allowing unauthenticated attackers to execute arbitrary shell commands. This affects unmanned aerial systems and robotics platforms relying on PX4.
CVE-2026-3356 affects all versions of Anritsu's Remote Spectrum Monitor series, allowing network-accessible attackers to modify operational settings, exfiltrate signal intelligence, or cause denial of service. The vulnerability impacts spectrum analysis infrastructure used in telecommunications and defence sectors.
mpp versions before 0.8.0 contain multiple authentication bypass vulnerabilities allowing attackers to replay payment requests, hijack session channels, and manipulate fee responsibility. This PoC matters for defenders as it demonstrates systemic weaknesses in request validation and session management that affect financial transaction integrity.
GitHub Actions workflows that directly embed `issue_comment.body` into shell commands without sanitization allow unauthenticated attackers to inject arbitrary shell commands and execute code on runners. This PoC demonstrates escape-and-execute techniques that bypass basic quoting.
MikroORM fails to properly validate internal ORM markers, allowing attackers to inject raw SQL through specially crafted objects passed to write APIs. This requires direct application-level data flow to ORM methods, making input validation the primary defense.
DShield Cowrie honeypot analysis shows that session duration, command count, and disconnect patterns can distinguish automated attacks from manual reconnaissance. Defenders can use these signals to identify fingerprinting attempts and refine threat intelligence collection.
A file read vulnerability in Smart Slider 3 WordPress plugin allows subscriber-level users to access arbitrary files on affected servers. With 800,000+ installations, this represents a significant exposure vector for sensitive configuration files and database credentials.
The Handala group, assessed as Iranian state-affiliated, compromised FBI Director Kash Patel's personal email account and published sensitive materials. This represents a significant counter-intelligence breach targeting the highest levels of US law enforcement.
A logic flaw in Zebra's transaction processing allows remote attackers to crash nodes by sending crafted V5 transactions that pass network deserialization but fail during TxID computation. This PoC demonstrates unauthenticated network-level DoS impact on blockchain infrastructure.
OpenClaw gateway authentication allows paired devices to silently escalate privileges from operator.read to operator.admin during reconnect events without explicit approval, enabling node RCE. This demonstrates an implicit trust model vulnerability in local shared-auth flows.
A threat actor obtained unauthorised access to the European Commission's Amazon Web Services environment, triggering an ongoing investigation. The incident highlights how even well-resourced government bodies remain vulnerable to cloud misconfigurations and identity compromise.
Organisations are acquiring agentic GRC (Governance, Risk, Compliance) tools to automate workflows, but the transition is failing because teams remain operationally focused rather than adopting risk leadership mindsets required for the technology to deliver value.