Intelligence · Updated daily
AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.
Attackers are posting fake VS Code security alerts in GitHub project Discussions to trick developers into downloading malware. The campaign exploits trust in legitimate tooling warnings and the open nature of GitHub's collaboration features.
TeamPCP compromised the legitimate Telnyx package on PyPI and uploaded malicious versions that extract credential-stealing malware from embedded WAV files. This represents a direct attack on Python's package supply chain affecting any developer who installed the backdoored version.
CISA has added CVE-2025-53521, a remote code execution vulnerability in F5 BIG-IP, to its Known Exploited Vulnerabilities catalog following evidence of active exploitation. This represents an immediate threat to federal networks and critical infrastructure relying on BIG-IP for load balancing and application delivery.
Google has committed to migrating its infrastructure to post-quantum cryptography by 2029, signalling that the cryptographically-relevant quantum computer threat window is closing faster than many organisations anticipated. This accelerates industry pressure to inventory and remediate legacy systems before quantum capabilities render current encryption obsolete.
A new iOS exploit kit called Coruna reuses and updates kernel exploits originally deployed in Operation Triangulation three years ago, indicating that sophisticated threat actors are recycling proven attack code rather than developing entirely new exploits.
Multiple security vendors announced new products and features at RSAC 2026 (days 3-4), representing typical conference-cycle releases rather than responses to critical threats or novel attack patterns.
Bearlyfy, a pro-Ukrainian cyber group, has conducted 70+ attacks on Russian companies since January 2025 using a custom Windows ransomware called GenieLocker. The campaign targets Russian business infrastructure as part of broader geopolitical conflict.
The Alliance for Creativity and Entertainment shut down AnimePlay, a pirated anime streaming platform with 5 million users, through coordinated enforcement action. This represents continued success in disrupting consumer-facing piracy infrastructure but raises questions about replacement rate and user migration patterns.
Three security flaws in LangChain and LangGraph frameworks allow attackers to read filesystem data, extract environment variables containing secrets, and access conversation histories. These widely-adopted LLM frameworks put thousands of dependent applications at risk.
Dutch National Police experienced a successful phishing attack leading to a security breach with limited scope and no impact on citizen data. The incident highlights the persistence of credential-harvesting campaigns against high-value targets despite security awareness programmes.
Microsoft released KB5079391 with improvements to Smart App Control, a machine learning-based application allowlisting feature in Windows 11. This represents iterative hardening of Windows' application execution controls rather than a critical security fix.
CVE-2026-33863 exposes two prototype pollution paths in node-convict's config loading and schema initialization that allow attackers to pollute Object.prototype through untrusted JSON/schema data, potentially enabling authentication bypass or RCE.
Convict 6.2.4 contains a prototype pollution flaw where attackers can override String.prototype.startsWith to bypass validation checks, enabling Object.prototype contamination. The PoC demonstrates that previous mitigation attempts are insufficient and defenders must implement input validation at multiple layers.
A privilege escalation flaw in OpenClaw's device.pair.approve method allowed operators with pairing-level permissions to approve device requests with elevated operator scopes they don't possess, enabling unauthorized administrative access.
CISA has confirmed active exploitation of CVE-2026-33017 in Langflow, a framework for building AI agent workflows. Attackers are hijacking AI pipelines, likely to poison outputs or exfiltrate training data integrated into these systems.
Attackers exploited unpatched vulnerabilities in Ajax Amsterdam's IT infrastructure to access fan data and enable ticket hijacking. The incident highlights how sporting organisations remain attractive targets for financially motivated threat actors.
A hidden function in WAGO industrial managed switches allows unauthenticated remote attackers to escape the restricted CLI interface and achieve complete device compromise across six hardware models. This represents a critical supply chain risk for industrial control systems.
OpenCode Systems OC Messaging and USSD Gateway versions 6.32.2 contain an insecure direct object reference (IDOR) vulnerability allowing authenticated users to access SMS messages from other tenants by manipulating company or tenant identifiers. This affects multi-tenant deployments handling sensitive communications.
CVE-2026-4681 allows remote code execution in PTC Windchill Product Lifecycle Management across versions 11.0 through 13.1.3.0. This impacts organisations managing product designs and intellectual property across manufacturing, aerospace, and defence sectors.
Dell and HP have announced quantum-resistant security features integrated into their PC and printer products ahead of NIST's finalised post-quantum cryptography standards. This represents early industry adoption to address the theoretical but long-term threat of cryptanalytically relevant quantum computers.
Hambardzum Minasyan, an Armenian national allegedly involved in developing and administering the RedLine infostealer, has been extradited to the United States. This arrest represents a significant enforcement action against a malware-as-a-service operation that has compromised thousands of organisations globally.
Attackers are deploying payment skimmers that abuse WebRTC data channels to receive malicious payloads and exfiltrate stolen card data, successfully circumventing Content Security Policy controls that block traditional HTTP-based exfiltration vectors.
Authenticated users can bypass AlaSQL sandbox restrictions in n8n's Merge node to execute arbitrary SQL, read sensitive files, and achieve remote code execution. This PoC demonstrates insufficient input validation in what should be a restricted query execution environment.
OpenTelemetry Java instrumentation versions <2.26.1 fail to apply serialization filters on RMI deserialization, allowing unauthenticated remote code execution when RMI endpoints are network-accessible and gadget chains are present. This affects production observability infrastructure with potential for supply-chain compromise.
AVideo's live stream control endpoint accepts user-supplied URLs for token verification, allowing attackers to redirect authentication checks to attacker-controlled servers that approve all tokens. This completely bypasses stream access controls without credentials.