Intelligence · Updated daily

Security Intelligence

AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.

RSS feedCVE index728 entries

Vulnerabilities Malware Campaigns Supply Chain Policy Tools

Page 4 of 30

76–100 of 728

highPolicyResolved

Insider threat severity: imprisoned former IT employee's sustained sabotage campaign exposes school district access controls failure

A former Iowa school district IT employee received a 21-month prison sentence for conducting a prolonged cyberattack against the district after employment termination, causing operational disruption, account deletion, and significant financial damage. The case underscores systemic failures in access revocation and post-employment security procedures.

14 June 2026Iowa school district

criticalVulnerabilityActive

Budibase Privilege Escalation via Unvalidated Role Assignment in Public API

Workspace-scoped builders can escalate to global admin by directly injecting role properties into the /api/public/v1/roles/assign endpoint, bypassing authorization checks. This represents a complete tenant-wide privilege escalation from a restricted app-level role.

CVE-2026-48150

13 June 2026Budibase/budibase

informationalToolEmerging

New macOS Tahoe 26 Forensic Artifact Enables Detailed User Activity Reconstruction

Unit 42 researchers have identified a previously unknown macOS Tahoe 26 forensic artifact that records user menu selections system-wide. This discovery is significant for digital forensics and incident response teams seeking to reconstruct user behaviour during investigations.

13 June 2026macOS Tahoe 26

highPolicyActive

Industry-Wide Security Talent and Trust Erosion: Google Layoffs, Vendor Credibility Questions, and Persistent Infrastructure Exposure

Google security layoffs, alleged incident response cover-ups by IBM and AT&T, regulatory fines against Coupang, and flat ICS exposure rates collectively signal organisational security maturity challenges and regulatory pressure intensifying across tech and e-commerce sectors.

13 June 2026Google, IBM, AT&T +2

criticalSupply ChainActive

Mass AUR Compromise: 400+ Packages Weaponised with Credential Stealer and eBPF Rootkit

Attackers compromised over 400 packages in the Arch User Repository, injecting a Rust-based credential stealer that escalates to deploy an eBPF rootkit when run with elevated privileges. This represents a severe supply-chain attack targeting the Arch Linux developer ecosystem.

13 June 2026Arch User Repository (AUR), Arch Linux users, Developers using AUR packages

highPolicyResolved

23andMe settlement highlights organisational failures in breach response and customer data protection

A $47 million settlement fund has been approved for approximately 7 million 23andMe customers whose genetic and personal data were compromised starting in April 2023 and subsequently posted on dark web marketplaces. The breach underscores inadequate credential hygiene, delayed breach disclosure, and the growing market for personal genomic data.

13 June 202623andMe

highPolicyContained

Maine's breach notification portal hijacked by fake disclosures, exposing governance gaps in public security infrastructure

Maine's public data breach notification portal was taken offline after attackers published fraudulent breach disclosures on the state website, highlighting inadequate access controls and verification procedures in government reporting systems that citizens rely on for authentic security information.

13 June 2026Maine state government data breach notification portal

criticalVulnerabilityActive

Meta Ads MCP: Unauthenticated HTTP Middleware Bypass Exposes Operator Credentials via Error Serialization

AuthInjectionMiddleware fails to enforce authentication, allowing unauthenticated callers to invoke MCP tools and trigger error responses that leak the operator's Meta access token as a query parameter in JSON-RPC responses.

CVE-2026-48039

12 June 2026pipeboard-co/meta-ads-mcp (≤1.0.101)

criticalVulnerabilityActive

CodeIgniter4 File Extension Validation Bypass Leading to Arbitrary Code Execution

CodeIgniter4's `ext_in` validation rule checks MIME-guessed extensions rather than actual filename extensions, allowing attackers to upload executable files (e.g., PHP shells) that bypass validation. This leads to arbitrary code execution when uploads are stored in web-accessible directories with script execution enabled.

CVE-2026-48062

12 June 2026CodeIgniter/CodeIgniter4 < 4.7.3

informationalPolicyEmerging

Security Architecture Crisis: Non-Standardised Stack Complexity Undermines Cyber Defence Steering

Juan Andrés Guerrero-Saade argues that decades of uncoordinated security tool accumulation have created an unmanageable, non-standardised technology stack that prevents organisations from effectively directing their own cyber defence strategies. The proposal centres on building an ecology model for cyber security architecture.

12 June 2026

highPolicyActive

Alert Fatigue as a Security Multiplier: When Detection Systems Enable Breaches

Alert fatigue is a systemic operational security problem where SOCs become overwhelmed by alert volume, causing genuine threats to be missed or delayed. This is a control failure that degrades the effectiveness of existing detection infrastructure.

12 June 2026

highVulnerabilityEmerging

OpenClaw AI Agent Vulnerable to Code Execution via Steganographic Injection in Contact Data

Two independent security teams demonstrated that OpenClaw can be coerced into executing arbitrary code and exfiltrating sensitive data through embedded instructions hidden in benign-looking vCards, contacts, and location data. The attack requires no authentication and exploits the agent's unsafe parsing and execution model.

12 June 2026OpenClaw

informationalPolicyActive

U.S. Senate defeats Cyber Force amendment, signalling resistance to dedicated military cyber branch

The U.S. Senate Armed Services Committee rejected Senator Kirsten Gillibrand's amendment to establish a dedicated Cyber Force as a distinct military service during fiscal 2027 defense authorization debate. The narrow 14-13 vote reflects ongoing congressional disagreement over optimal cyber defence organisational structures.

12 June 2026

highPolicyContained

Physical security failure at Kyushu Electric exposes 10.9 million customer records

Kyushu Electric Power Co. lost a portable drive containing personal data of 10.9 million customers through a physical security incident. The breach highlights the ongoing risk of unencrypted data storage devices in large organisations handling critical infrastructure client information.

12 June 2026Kyushu Electric Power Co., Inc.

criticalVulnerabilityActive

Hardcoded JWT Secret in go-base Boilerplate Enables Token Forgery and Authentication Bypass

Go REST API boilerplate ships with hardcoded JWT secret 'random' in both template and code defaults, allowing attackers to forge valid authentication tokens and bypass access controls entirely.

CVE-2026-48031

11 June 2026github.com/dhax/go-base

highCampaignActive

The Gentlemen Ransomware: Second-Tier Gang Climbing Ranks Through Aggressive Affiliate Economics

The Gentlemen ransomware group has rapidly ascended to become the second most prolific gang by victim count, using a 90% ransom split to aggressively recruit skilled affiliates. Attribution efforts are now pointing toward identifying the group's administrator.

11 June 2026Organisations across multiple sectors

highMalwareActive

Infostealer-First Attack Pattern Signals Shift Away From Exploit Dependency

Attackers are increasingly deploying infostealers to harvest credentials at scale, using stolen login details as the primary entry vector for ransomware and other operations rather than relying on exploits. This trend indicates defenders must prioritise credential hygiene and detection of infostealer activity.

11 June 2026Enterprise networks (all sectors), End-user devices (Windows, macOS, Linux), Cloud platforms relying on stolen credentials

highMalwareActive

JDY Botnet Resurges with 1,500+ SOHO and IoT Devices for State-Sponsored Reconnaissance

A China-linked botnet called JDY has expanded to compromise over 1,500 small office, home office, and IoT devices, operating as a centralised scanner for discovering and mapping exposed internet-facing services. This represents a significant reconnaissance infrastructure used by state-sponsored actors to identify targets at scale.

11 June 2026SOHO devices (unspecified models), IoT devices (unspecified models)

highPolicyActive

CISA Mandates 3-Day Patch Window for Federal Agencies, Signalling Shift in US Cyber Governance

CISA has issued a directive requiring federal agencies to patch certain cyber vulnerabilities within 3 days, with a 180-day adoption period. This represents a significant tightening of vulnerability remediation timelines across US government IT infrastructure.

11 June 2026US Federal Agencies

highVulnerabilityActive

Active exploitation of Langflow path traversal flaw exposes AI development platforms to arbitrary file write attacks

CVE-2024-5027, a path traversal vulnerability in Langflow (CVSS 8.8), is being actively exploited in the wild to write arbitrary files to exposed servers. Organisations running unpatched instances face immediate risk of system compromise.

CVE-2024-5027

11 June 2026Langflow

highVulnerabilityActive

shell-quote Input Validation Bypass: Newline Injection in Object Token Operators

The shell-quote library fails to escape line terminators in object token `.op` fields, allowing callers who pass attacker-controlled object tokens to `quote()` to inject shell commands. The vulnerability exists in documented API surface and bypasses the intended shell-safety boundary.

CVE-2026-9277

10 June 2026shell-quote (npm package)

highToolActive

Cloud Logging Blind Spots: How Attackers Erase Their Tracks in Multi-Tenant Environments

Unit 42 research demonstrates practical techniques for disabling or manipulating cloud logging services (AWS CloudTrail, Azure Monitor, GCP Cloud Logging) to evade detection. This represents a critical post-compromise capability that undermines forensic investigation and compliance monitoring.

10 June 2026AWS CloudTrail, Azure Monitor, Google Cloud Logging

highVulnerabilityActive

Microsoft's 200-Vulnerability Patch Cycle Undermined by Pre-Disclosure of Three Issues

Microsoft's latest Patch Tuesday addressed 200 vulnerabilities, but three were publicly disclosed before patches became available, creating an active exploitation window. This pattern highlights coordination failures in coordinated disclosure processes.

10 June 2026Microsoft

highVulnerabilityEmerging

Six RCE and DoS vulnerabilities in protobuf.js demonstrate risks of untrusted schema deserialization in Node.js ecosystems

Six vulnerabilities in protobuf.js, a widely-used Protocol Buffers library for JavaScript/TypeScript, allow remote code execution and denial-of-service attacks when processing malicious protobuf schemas or payloads. The widespread adoption of protobuf.js in Node.js applications makes this a significant supply-chain concern.

10 June 2026protobuf.js, Node.js applications using protobuf.js

informationalPolicyEmerging

CISA Revises Federal Vulnerability Management Strategy Through New Binding Operational Directive

CISA is issuing a binding operational directive requiring federal agencies to prioritise vulnerability remediation based on new assessment criteria, deprioritising certain vulnerabilities whilst elevating others. This represents a significant shift in how the US federal government allocates security resources.

10 June 2026US Federal Agencies