Intelligence · Updated daily

Security Intelligence

AI-analysed threats, vulnerabilities and campaigns. Not just what happened — what it means, who's affected, and what to do about it.

RSS feedCVE index728 entries

Vulnerabilities Malware Campaigns Supply Chain Policy Tools

Page 7 of 30

151–175 of 728

highCampaignActive

Escalating Russian Intelligence Operations Targeting Western Technology via Sanctions Evasion Networks

Russian state intelligence is intensifying efforts to acquire restricted Western technology through front companies, procurement intermediaries, and cyber operations to circumvent sanctions and support strategic infrastructure capabilities. This represents a coordinated supply-chain espionage campaign rather than isolated incidents.

31 May 2026Western technology sector (general), Critical infrastructure operators, Dual-use technology manufacturers

highCampaignActive

GREYVIBE: Russian-Linked APT Escalates Ukraine Campaign with AI-Enhanced Targeting

GREYVIBE, a previously unknown Russian-speaking threat actor, has been conducting persistent cyberattacks against Ukraine and Ukraine-related entities since August 2025, reportedly incorporating AI-powered capabilities. The campaign aligns with Kremlin state interests and represents a notable escalation in sophistication.

31 May 2026Ukraine government entities, Ukraine-related organisations

highVulnerabilityActive

Active exploitation of Palo Alto GlobalProtect auth bypass signals VPN perimeter as primary attack vector

CVE-2026-0257, a medium-severity authentication bypass in Palo Alto Networks PAN-OS and Prisma Access GlobalProtect, is now under active exploitation in the wild. Attackers are using it to establish unauthorised VPN connections and breach corporate networks.

CVE-2026-0257

31 May 2026Palo Alto Networks PAN-OS, Palo Alto Networks Prisma Access

criticalVulnerabilityActive

PraisonAI Platform: Cross-Workspace IDOR and Unenforceed Role-Based Access Control

PraisonAI Platform exposes a chain of authorization bypasses allowing any authenticated user to read/modify/delete cross-tenant resources and escalate their own privileges to admin or owner, enabling complete workspace takeover with only open registration.

CVE-2026-47407

30 May 2026PraisonAI/PraisonAI-Platform

criticalVulnerabilityActive

Hardcoded JWT Secret in Default Configuration Enables Unauthenticated Privilege Escalation

PraisonAI Platform defaults to a publicly-known JWT signing secret when environment variables are not explicitly configured, allowing attackers to forge authentication tokens and impersonate any user including admins. This vulnerability is trivially exploitable in any default deployment.

CVE-2026-47410

30 May 2026praisonai/praisonai-platform

criticalVulnerabilityActive

Vertical Privilege Escalation in PraisonAI Platform Workspace Member Management

Any workspace member can unilaterally promote themselves or others to owner role via an unauthenticated authorization check in the PATCH /workspaces/{id}/members/{user_id} endpoint. This is a complete privilege escalation requiring only workspace membership and a single HTTP request.

CVE-2026-47416

30 May 2026praisonai/praisonai-platform

highCampaignActive

ESET Q4 2025-Q1 2026 APT Activity Report: Tracking Adversary Operations Across Multiple Campaigns

ESET Research has published their quarterly APT activity analysis covering Q4 2025 through Q1 2026, documenting the operational patterns, targets, and tactics of selected advanced persistent threat groups. This comprehensive threat intelligence helps organisations understand the current threat landscape and adversary priorities.

30 May 2026

highCampaignActive

Three distinct threat vectors emerge: Trump Mobile breach, FIFA World Cup phishing campaign, and coordinated supply chain attacks prompt CISA response

SecurityWeek reports three concurrent security incidents: Trump Mobile customer data exposure, phishing attacks targeting FIFA World Cup 2026 attendees and stakeholders, and a supply chain attack wave that triggered official CISA intervention. Each represents a distinct threat pattern requiring different defensive responses.

30 May 2026Trump Mobile, FIFA World Cup 2026 infrastructure and stakeholders, unspecified supply chain vendors

highVulnerabilityEmerging

ChatGPhish: Markdown Rendering in ChatGPT Web Summaries Enables Prompt Injection and Credential Harvesting

Permiso Security disclosed a vulnerability in ChatGPT's web summary renderer that trusts Markdown links and images, allowing attackers to inject prompts and construct phishing attacks against users relying on the feature.

30 May 2026ChatGPT, OpenAI

highPolicyActive

Coordinated zero-day disclosure escalates responsible disclosure debate as Microsoft disputes public release justification

A researcher has published working proof-of-concept exploits for multiple Microsoft zero-day vulnerabilities on GitHub, prompting Microsoft to publicly dispute the justification for full disclosure. This escalates the ongoing tension between security researchers and vendors over responsible disclosure timelines.

30 May 2026Microsoft

highMalwareActive

ChatGPT Share Links Exploited as Malware Distribution Vector via Fake Outage Social Engineering

Threat actors are abusing ChatGPT's legitimate content-sharing feature to host convincing fake OpenAI outage pages that redirect users to download malware masquerading as the official ChatGPT desktop client. This exploits user trust in OpenAI's infrastructure and takes advantage of the feature's legitimacy to bypass security filters.

30 May 2026OpenAI ChatGPT, ChatGPT desktop application users

informationalPolicyActive

Vulnerability prioritisation framework shifts from CVSS-only reliance to EPSS and GCVE metrics

Cisco Talos advocates moving beyond CVSS scoring for patch prioritisation, recommending EPSS (Exploit Prediction Scoring System) and GCVE (Google Chromium Vulnerability Evaluation) to focus remediation efforts on threats with genuine exploitation risk rather than severity alone.

29 May 2026Enterprise patch management practices

highCampaignActive

GreyVibe's AI-Augmented Attack Pipeline Signals Operational Scaling in State-Aligned Campaigns

Russia-linked threat actor GreyVibe is using generative AI tools like ChatGPT and Gemini to accelerate attack development and execution. This represents an operational shift toward AI-assisted scaling that defenders should anticipate becoming standard practice across sophisticated threat groups.

29 May 2026Organisations across sectors targeted by GreyVibe campaigns

criticalVulnerabilityEmerging

Gogs Authentication Bypass to RCE: Self-Hosted Git Services Face Widened Attack Surface

A critical remote code execution vulnerability in Gogs (CVSS 9.4) permits any authenticated user to execute arbitrary code on self-hosted Git service instances. This significantly lowers the barrier to exploitation since attackers only need valid credentials rather than unauthenticated access.

29 May 2026Gogs

highCampaignActive

Sentencing milestone reveals persistent gaps in social media child exploitation detection

A Canadian offender received a 33-year sentence for years of child sexual exploitation material (CSEM) production via social media impersonation. The case exemplifies ongoing vulnerabilities in platform moderation and law enforcement's capacity to disrupt predatory networks at scale.

29 May 2026Social media platforms (unspecified)

informationalPolicyEmerging

Anthropic delays Claude Mythos public rollout citing security risks: model safety vs. accessibility trade-off

Anthropic has postponed releasing Mythos-class Claude models to the public following identification of security risks to both public and private software systems. The delay reflects growing tension between deploying advanced AI capabilities and managing their potential misuse.

29 May 2026Anthropic Claude Mythos-class models

highVulnerabilityEmerging

MediaInfoLib heap overflows expose widespread media processing risk across desktop and embedded systems

Cisco Talos discovered four heap-based buffer overflow vulnerabilities in MediaArea's MediaInfoLib, a widely-used media metadata extraction library embedded in numerous applications. Exploitation could lead to remote code execution when processing malicious media files.

28 May 2026MediaArea MediaInfoLib

highPolicyActive

UK Intelligence Warns AI Poses Asymmetric Threat in Russian Grey-Zone Operations

UK's cyberspying chief has characterised AI as an unstoppable force whilst warning of escalating Russian hostile activity in the grey zone below conventional warfare. The assessment reflects intelligence community concerns that AI amplifies state-sponsored cyber threat capabilities.

28 May 2026UK critical infrastructure, NATO allies, Democratic institutions

highCampaignActive

Coordinated Banking Trojan Campaign Targets Latin America and Europe with Grandoreiro and BTMOB RAT

Two coordinated banking trojan campaigns deliver Grandoreiro malware to Windows systems and BTMOB RAT to Android devices across Spain, Portugal, Mexico, and Brazil. The targeting of financial institutions and mobile users suggests organised cybercriminal activity with cross-platform capabilities.

28 May 2026Windows systems, Android mobile devices, Financial institutions in Spain, Portugal, Mexico, and Brazil

highCampaignResolved

Romanian national sentenced for Oregon emergency management hack: state infrastructure compromise and extradition precedent

A Romanian national was sentenced to over 4 years after hacking Oregon's Office of Emergency Management systems. The case demonstrates both the vulnerability of state critical infrastructure and the increasing willingness of US authorities to pursue international extradition for cyber offences.

28 May 2026Oregon Office of Emergency Management

highCampaignActive

Coordinated SEO poisoning and AI chatbot manipulation drives GPU mining malware distribution

Threat actors are executing a multi-vector cryptojacking campaign targeting high-performance computing systems through SEO poisoning and AI chatbot manipulation to distribute GPU mining malware. This hybrid approach exploits both traditional search ranking tactics and emerging AI recommendation systems to reach victims.

28 May 2026Systems with high-performance GPUs, Users of AI chatbot services, Search engine users

highVulnerabilityActive

XWiki Platform Path Traversal in Resource Endpoints – Configuration File Disclosure

XWiki's ssx and jsx endpoints fail to sanitize the resource parameter when leading slashes are present, allowing unauthenticated path traversal to read sensitive files like WEB-INF/xwiki.cfg. The PoC demonstrates reliable, low-complexity exploitation that could expose database credentials and system configuration.

CVE-2026-23734

27 May 2026XWiki/xwiki-platform (<16.10.17), XWiki/xwiki-platform (<17.4.9), XWiki/xwiki-platform (<17.10.3) +1

criticalVulnerabilityActive

XWiki Platform Unauthenticated XAR Import via REST API - Authentication Bypass

The POST /wikis/{wikiName} endpoint in XWiki Platform lacks authentication checks, allowing unauthenticated attackers to import XAR files and modify wiki content. This is a high-impact authentication bypass affecting content integrity and availability.

CVE-2026-33137

27 May 2026XWiki Platform <16.10.17, XWiki Platform 17.0-17.4.8, XWiki Platform 17.10.0-17.10.2 +1

highCampaignActive

Multi-vector cryptojacking campaign exploits SEO poisoning, ScreenConnect, and .NET tools to target GPU resources

Threat actors are running a coordinated cryptojacking operation that uses SEO poisoning and AI chatbot abuse to distribute malicious sites, then deploys ScreenConnect and Microsoft .NET utilities as initial access and persistence mechanisms to hijack GPU resources on high-performance systems.

27 May 2026ScreenConnect, Microsoft .NET utilities, High-performance computing systems

informationalToolEmerging

AppOmni's Marlin AI automates SaaS misconfiguration investigation while preserving human control over remediation

AppOmni has released Marlin AI, a tool that autonomously investigates SaaS security misconfigurations and traces their blast radius across enterprise environments, stopping short of automatic remediation. This represents incremental progress in scaling SaaS security operations but raises questions about investigation accuracy and false positive rates.

27 May 2026SaaS platforms (general)