Intelligence · Updated daily
AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.
A critical heap overflow vulnerability in VMware ESXi allows an attacker with local admin privileges on a guest VM to escape the sandbox and execute code on the hypervisor host.
CISA and NSA published joint guidance addressing security risks of AI system deployment in critical infrastructure, covering supply chain, model integrity, and adversarial attack mitigations.
A new critical SQL injection vulnerability in MOVEit Transfer is being exploited by the Cl0p ransomware group, echoing the devastating 2023 campaign that compromised thousands of organizations worldwide.
Microsoft's June Patch Tuesday addresses over 50 vulnerabilities including a Windows kernel privilege escalation flaw being exploited in the wild by advanced threat actors.
A critical OGNL injection vulnerability in Atlassian Confluence Server and Data Center allows unauthenticated remote code execution, with ransomware groups actively exploiting unpatched instances.
The US Department of Justice announced federal charges against additional members of the Scattered Spider cybercriminal group responsible for high-profile social engineering attacks against major US corporations.
Google released an emergency Chrome update fixing a high-severity type confusion vulnerability in V8 that was being exploited in targeted attacks against users in the wild.
Coinbase revealed that threat actors bribed overseas customer support contractors to exfiltrate personal data of roughly 1% of monthly transacting users, then demanded a $20 million ransom.
Two vulnerabilities in Ivanti Endpoint Manager Mobile can be chained to achieve unauthenticated remote code execution, with active exploitation targeting government and critical infrastructure organizations.
Microsoft's May 2025 Patch Tuesday addresses over 70 vulnerabilities including five zero-days under active exploitation across Windows kernel, scripting engine, and DWM components.
A maximum-severity vulnerability in Cisco IOS XE for Wireless LAN Controllers allows unauthenticated attackers to upload arbitrary files and execute commands via a hard-coded JSON Web Token.
UK retailer Co-op shut down parts of its IT infrastructure after detecting unauthorized access, becoming the second major British retailer hit by cyberattack in weeks following Marks & Spencer.
UK retail giant Marks & Spencer suffered a significant cyberattack that disrupted contactless payments, click-and-collect services, and online ordering, attributed to the DragonForce ransomware operation working with Scattered Spider affiliates.
A critical zero-day in SAP NetWeaver Visual Composer is being actively exploited to upload webshells to enterprise SAP servers, enabling full remote control of critical business systems.
A critical vulnerability in the Erlang/OTP SSH library allows unauthenticated remote code execution with a perfect CVSS 10.0 score, affecting any application using the built-in SSH server.
The imageboard 4chan was breached and taken offline after attackers exploited an outdated PHP installation, leaking source code, moderator information, and internal tools.
Microsoft's April 2025 Patch Tuesday addresses a Windows Common Log File System zero-day being actively exploited by the RansomEXX ransomware group for privilege escalation.
Threat actors maintained persistent read-only access to Fortinet FortiGate devices through symlinks in the SSL-VPN language files, surviving firmware updates and patches applied by defenders.
A critical authentication bypass in CrushFTP allows unauthenticated attackers to access administrative functions through crafted HTTP requests, with exploitation already observed in the wild.
Four critical vulnerabilities in the Kubernetes ingress-nginx controller, collectively dubbed IngressNightmare, could allow unauthenticated attackers to take over Kubernetes clusters hosting 40% of cloud workloads.
A critical authorization bypass vulnerability in the Next.js framework allows attackers to skip middleware-based security checks by manipulating request headers, potentially affecting millions of web applications.
A critical remote code execution vulnerability in Apache Tomcat allows attackers to upload and execute arbitrary code via partial PUT requests, with active exploitation observed within 30 hours of disclosure.
A supply chain attack targeting the popular tj-actions/changed-files GitHub Action compromised CI/CD secrets across thousands of repositories by injecting malicious code that exfiltrated secrets to workflow logs.
FBI, CISA, and MS-ISAC warn that the Medusa ransomware-as-a-service operation has impacted over 300 organizations across critical infrastructure sectors since 2021.
Microsoft's March 2025 Patch Tuesday is one of the most critical in recent memory, fixing six actively exploited zero-day vulnerabilities across NTFS, the Win32 kernel subsystem, and Microsoft Management Console.