THREAT OPS › Threat News
Threat Intelligence News
2573 reports from 110+ open cyber-threat-intelligence sources — APT activity, malware, vulnerabilities and campaigns, newest first.
- Yokogawa FAST/TOOLS and CI Servercisa_ics · 2026-06-25
- Uncovering Hidden Attack Paths in Cloud Environments Using Runtime Signalswiz_research · 2026-06-25
- Inside the 2026 SMB threat landscape: From phishing and scams to fake AI toolssecurelist · 2026-06-25
- OWASP ASI03: Identity & Privilege Abuse in AI Agentsadversa · 2026-06-25
- Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new allianceswls_eset · 2026-06-25
- Srsly Risky Biz: Open weight models make the Mythos debate mootriskybiz_news · 2026-06-25
- 27 Biggest Data Breaches in History: Famous Exampleshuntress · 2026-06-25
- The 36 Most Common Cyberattacks (2026) | Huntresshuntress · 2026-06-25
- GitLab Multiple Vulnerabilitieshkcert · 2026-06-25
- Evaluating Mexico’s New Cybersecurity Planrecordedfuture · 2026-06-25
- NVD in the AI Era: The Case for Multi-Source Vulnerability Intelligencesnyk · 2026-06-25
- Where Expertise Meets Algorithm: The Insikt Group® Intelligence Edgerecordedfuture · 2026-06-25
- [CISA KEV] CVE-2026-12569 — PTC Windchill and FlexPLM: PTC Windchill and FlexPLM Improper Input Validation Vulnerabilitycisa_kev · 2026-06-25
- [CISA KEV] CVE-2026-20230 — Cisco Unified Communications Manager: Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerabilitycisa_kev · 2026-06-25
- OpenSSF Newsletter – June 2026openssf_blog · 2026-06-24
- Disposable Tooling: Building LLM-Generated Mythic Agents from Prompt to Deploymentspecterops · 2026-06-24
- Agentic Disconnect: The Latency Crisis Facing Modern AI Architectureakamai_blog · 2026-06-24
- May 2026 Threat Trend Report on APT Attacks (South Korea)ahnlab · 2026-06-24
- Should frontier AI firms fund OSS ecosystem security?reversinglabs · 2026-06-24
- Ransom & Dark Web Issues Week 4, June 2026ahnlab · 2026-06-24
- A Note to Our Customers and Partnerssnyk · 2026-06-24
- How much cyber risk does AI create for organizations? 457 million security issues. Here’s what you can do about it.tenable · 2026-06-24
- macOS Gaslight Backdoor Weaponizes Prompt Injection Against Security Analystsduo_decipher · 2026-06-24
- ESET takes part in Operation Endgame to disrupt Amadey and Stealcwls_eset · 2026-06-24
- How AI Is Rewriting the SecOps Playbookwiz_research · 2026-06-24
- Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Managermandiant_gti · 2026-06-24
- CERT-In’s AI Vulnerability Blueprint: Why Indian CISOs Need Machine-Speed Risk Operations in the Post-Mythos Eraqualys · 2026-06-24
- From Code to Coverage (Part 6): What netlogon.log Sees That Event 1644 Never Willhuntress · 2026-06-24
- Risky Bulletin: FortiBleed hacks involved a lot of traffic sniffingriskybiz_news · 2026-06-24
- Unlocking the Cloudflare app ecosystem with OAuth for allcloudflare_security · 2026-06-24
- ZDI-26-397: X.Org Server CreateSaverWindow Use-After-Free Information Disclosure Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-396: X.Org Server ChangeDrawableAttributes Out-Of-Bounds Read Information Disclosure Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-395: X.Org Server SyncChangeCounter Use-After-Free Privilege Escalation Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-394: X.Org Server FreeCounter Use-After-Free Privilege Escalation Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-393: X.Org Server SetMap Request Stack-based Buffer Overflow Privilege Escalation Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-392: X.Org Server Xkb Key Types Stack-based Buffer Overflow Privilege Escalation Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-391: X.Org Server miSyncDestroyFence Use-After-Free Privilege Escalation Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-390: X.Org Server Font Alias Stack-based Buffer Overflow Privilege Escalation Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-389: Oracle PeopleSoft ExecuteProcessActivityCommand External Control of File Path Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-388: Oracle PeopleSoft HubMBeanPersistance Deserialization of Untrusted Data Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-387: Oracle PeopleSoft HttpListeningConnector Server-Side Request Forgery Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-386: Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-385: Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-384: MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-383: ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-382: ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-381: ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-380: ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-379: ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-378: ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-377: Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-376: Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-375: Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-374: Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-373: Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-372: Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-371: Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-370: Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-369: Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-368: Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-367: Fuji Electric Tellus pcid64 Driver Registry APIs Exposed Dangerous Method Local Privilege Escalation Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-366: Fuji Electric Tellus pcid64 Driver File APIs Exposed Dangerous Method Arbitrary File Deletion Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-365: FlowiseAI Flowise CSV Agent customReadCSV Code Injection Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-364: FlowiseAI Flowise CSV Agent Prompt Injection Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-363: Docker MCP Plugin OCI Image Label Parsing Argument Injection Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-362: Oracle VirtualBox VMSVGA Stack-based Buffer Overflow Local Privilege Escalation Vulnerabilityzdi_published · 2026-06-24
- ZDI-26-361: Adobe Acrobat Reader DC Field signatureInfo Use-After-Free Remote Code Execution Vulnerabilityzdi_published · 2026-06-24
- FortiBleed Campaign Exposing Credentials for 73,932 FortiGate Systemsrecordedfuture · 2026-06-24
- Behind the console: An AiTM phishing kit harvesting AWS console credentials and beyonddatadog_seclabs · 2026-06-24
- PCI Compliance Isn’t a Checkbox: How to Secure Ecommerce Checkouts Before Attackers Arrivesucuri_blog · 2026-06-23
- OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threatunit42 · 2026-06-23
- macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandboxsentinelone · 2026-06-23
- Bridging the Gap Between Code and Research: Why SCORED ’26 Matters for Open Source Securityopenssf_blog · 2026-06-23
- AI Threat Report: How Artificial Intelligence Is Used Across Illicit Communitiesflashpoint · 2026-06-23
- The White House's post-quantum executive order is an important milestone. It’s time to get to workcloudflare_security · 2026-06-23
- ShinyHunters’ 0-day attacks: After patching, find out if you were breachedintel471 · 2026-06-23
- Why SIEM is Moving Toward Unified Security Operations: Rapid7 Named a Major Player in IDC MarketScaperapid7 · 2026-06-23
- Zscaler and AWS Join Forces to Secure GenAI Across Government, Healthcare, and Educationzscaler_threatlabz · 2026-06-23
- Scattered Spider Hackers Plead Guilty on Day 1 of Trialkrebs · 2026-06-23
- AI Reconnaissance: The Missing Layer in Chatbot Securityakamai_blog · 2026-06-23
- 3 Paths to Upgrade Windows 11 before 24H2 End of Servicing (EOL)qualys · 2026-06-23
- Can AI beat AI? 3 challenges with VulnOps adoptionreversinglabs · 2026-06-23
- Payouts King Ransomware Initial Access Broker Deploys New Edgecution Malwarezscaler_threatlabz · 2026-06-23
- Signal Over Noise: Reachability Analysis Is the Reality Check SCA Has Been Missingsonatype · 2026-06-23
- What the Miasma campaign reveals about the new supply chain threat model and the underground market for developer credentialstenable · 2026-06-23
- AI Threat Readiness Pillar 4: Detect and contain threats in real-timewiz_research · 2026-06-23
- Solving the “Breaking the Prompt” DEF CON AI CTF with AI Red Teaming Agentadversa · 2026-06-23
- Sponsored: Trail of Bits and OpenAI patch the planetriskybiz_news · 2026-06-23
- What nearly 10,000 developer environments reveal about agentic development risksnyk · 2026-06-23
- Announcing Agentic Development Security (ADS)snyk · 2026-06-23
- The New Security Control Point: Governing AI Agents Inside the Execution Loopsnyk · 2026-06-23
- When a vendor's breach becomes yours: lessons from the Klue incidentsnyk · 2026-06-23
- From vulnerability report to CVE draft in minutes: how Elastic automated security advisories with AIelastic_security · 2026-06-23
- The Purchase Scam Tactic Headed for the World Cup | Recorded Futurerecordedfuture · 2026-06-23
- [CISA KEV] CVE-2025-67038 — Lantronix EDS5000: Lantronix EDS5000 Code Injection Vulnerabilitycisa_kev · 2026-06-23
- [CISA KEV] CVE-2026-34910 — Ubiquiti UniFi OS: Ubiquiti UniFi OS Improper Input Validation Vulnerabilitycisa_kev · 2026-06-23
- [CISA KEV] CVE-2026-34909 — Ubiquiti UniFi OS: Ubiquiti UniFi OS Path Traversal Vulnerabilitycisa_kev · 2026-06-23
- [CISA KEV] CVE-2026-34908 — Ubiquiti UniFi OS: Ubiquiti UniFi OS Improper Access Control Vulnerabilitycisa_kev · 2026-06-23
- The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltrationunit42 · 2026-06-22
- Software Security Has to Start at Assemblysonatype · 2026-06-22