Intelligence · Updated daily
AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.
Large-scale credential attacks are targeting security vendors' devices and infrastructure, putting downstream customers at risk. Unit 42 publishes mitigation guidance as these campaigns remain actively exploited.
SecurityWeek reports several significant security issues including an Apple Beats eavesdropping flaw patch, an unpatched GCP Config Connector vulnerability enabling account takeover, an Android TV botnet linked to an Israeli firm, and closure of the DOT's Delta Air Lines CrowdStrike incident investigation.
Researchers have demonstrated a working exploit (usbliter8) that achieves arbitrary code execution in the immutable SecureROM of Apple A12 and A13 chips. Because the affected code is burned into silicon at manufacture, no software update can patch this vulnerability, affecting millions of devices permanently.
Law enforcement conducted a coordinated international operation against the SocGholish botnet, a distribution mechanism linked to Russia-based cybercrime group Evil Corp. The disruption degrades Evil Corp's ability to deliver secondary payloads and conduct follow-on attacks against compromised networks.
Klue, a market intelligence platform, suffered a breach exposing OAuth tokens that provide access to customers' Salesforce environments. The Icarus extortion group claims responsibility and is threatening to release stolen data.
Crawl4AI's download handler fails to sanitize filenames from HTTP headers and page-controlled sources, allowing path traversal to write arbitrary files with attacker content. Pre-authenticated exploitation is possible via the Docker `/crawl` endpoint, enabling remote code execution through shell rc-file overwriting, SSH key injection, or cron job placement.
Crawl4AI's unauthenticated Docker API accepts user-supplied Chromium launch arguments that bypass a denylist-based filter, enabling arbitrary command execution as the container user. The vulnerability class (argument injection + incomplete denylist) is a known anti-pattern that defenders should watch for in containerized applications.
gemini-mcp-tool versions prior to 1.1.6 fail to validate @file prompt directives, enabling arbitrary file exfiltration and OS command injection on Windows. Defenders must patch immediately and audit logs for suspicious @file references.
Popa, a multi-year Android botnet compromising millions of consumer TV boxes, has been attributed to NetNut, a residential proxy service operated by publicly-traded Israeli firm Alarum Technologies. The botnet facilitates advertising fraud, account takeovers, and mass data scraping under commercial cover.
A significant majority of internet-facing REDCap servers remain unpatched and are actively targeted by China-linked UNC6508 for initial access and backdoor installation. This represents a widespread supply-chain risk affecting research institutions and healthcare organisations globally.
F5 released patches for two critical remote code execution vulnerabilities in NGINX Open Source, with CVE-2026-42530 being a use-after-free in the HTTP/3 module exploitable by unauthenticated remote attackers. This affects organisations running NGINX with HTTP/3 support enabled.
Human Rights Watch obtained Bulgarian export records showing the government approved surveillance technology exports by firm Circles to law enforcement and intelligence agencies in countries with documented human rights abuse records between 2018 and 2023. This represents a systemic compliance failure in export controls for dual-use surveillance capabilities.
Gentlemen ransomware-as-a-service is actively developing and maintaining multiple EDR killer tools to help affiliates disable endpoint defences during attacks. This represents a shift towards commoditised EDR bypass capabilities within the RaaS ecosystem.
The `/api/v1/upload/{flow_id}` endpoint in Langflow lacks authentication and input validation, allowing unauthenticated attackers to exhaust server disk space and extract absolute file paths for further reconnaissance.
HAPI FHIR's saxonTransform() methods instantiate bare Saxon TransformerFactory instances without XXE protections, enabling XML External Entity injection for file disclosure and SSRF attacks. This bypasses the library's own hardened factory pattern documented in XMLUtil.
Missing authorization check on POST endpoint for attaching associated records allows authenticated low-privilege users to bypass UI controls and manipulate authorization-bearing relationships, leading to privilege escalation and cross-tenant data exposure.
A flaw in Google's Vertex AI Python SDK allows attackers to hijack model uploads through bucket squatting and achieve remote code execution across tenant boundaries via unsafe pickle deserialization. This affects any organisation using the SDK to upload models to Google Cloud.
SecurityWeek is hosting a webinar on attack techniques that circumvent multi-factor authentication and evade detection systems. The event highlights a growing capability gap where conventional MFA implementations no longer provide adequate protection against sophisticated threat actors.
A threat actor is running a coordinated campaign to distribute cryptocurrency clipper malware through fake reviews, AI-generated content, compromised platforms (GitHub, SourceForge, YouTube), and a WordPress phishing infrastructure. The campaign exploits legitimate distribution channels and social proof mechanisms to build credibility.
UK National Cyber Security Centre leadership has warned that hostile nation-states are behind approximately 75% of cyber attacks on British critical infrastructure and are actively pre-positioning access for use in future kinetic conflicts. This represents a shift from opportunistic compromise to strategic preparation for wartime operations.
OpenAI is testing a specialised ChatGPT subscription tier targeting scientific research use cases, indicating a shift toward product differentiation and vertical market focus rather than horizontal commodity offerings.
The U.S. government ordered Anthropic to immediately suspend access to its advanced AI models Claude Fable 5 and Mythos 5 for all foreign nationals, citing national security concerns. This represents a significant precedent in AI model export control and raises questions about the enforceability and scope of such restrictions.
Chinese-attributed threat actors compromised an organisation's authentication infrastructure and maintained undetected access for 10 years with administrative visibility. This represents a failure of both perimeter and internal security controls to detect long-term auth-layer persistence.
NPM 12 will block dependency scripts from running during npm install unless explicitly whitelisted, fundamentally altering how the Node.js ecosystem handles post-install hooks. This addresses a critical attack surface but introduces significant compatibility challenges.
CVE-2026-20253, a CVSS 9.8 critical vulnerability in Splunk Enterprise versions before 10.2.4 and 10.0.7, permits unauthenticated attackers to perform arbitrary file operations and achieve remote code execution, affecting a primary target for enterprise threat actors seeking post-compromise persistence and reconnaissance.