THREAT OPS › Threat News
Threat Intelligence News
2463 reports from 110+ open cyber-threat-intelligence sources — APT activity, malware, vulnerabilities and campaigns, newest first.
- Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomwaredfirreport · 2026-05-11
- GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Accessmandiant_gti · 2026-05-11
- Wiz at Wiz: Reducing Risk through Service Ownershipwiz_research · 2026-05-11
- 10 questions to ask when using AI models to find vulnerabilitiesncsc_uk · 2026-05-11
- Eyes wide open: How to mitigate the security and privacy risks of smart glasseswls_eset · 2026-05-11
- Advancing Collective Defense with Project Glasswingakamai_blog · 2026-05-11
- TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attacksnyk · 2026-05-11
- Malicious Coding Agent Skills and the Risk of Dynamic Contextdatadog_seclabs · 2026-05-11
- Copy Fail and DirtyFrag: Linux Page Cache Bugs in the Wildelastic_security · 2026-05-09
- A Framework for AI Threat Readinesswiz_research · 2026-05-08
- What Comes Before Ticketsspecterops · 2026-05-08
- See and Secure Everything at the Edge with Wiz and Akamaiwiz_research · 2026-05-08
- CVE-2026-34354: Guardicore Local Privilege Escalation Vulnerabilityakamai_blog · 2026-05-08
- Dirty Frag: Linux Kernel Local Privilege Escalation via ESP and RxRPCwiz_research · 2026-05-08
- [CISA KEV] CVE-2026-42208 — BerriAI LiteLLM: BerriAI LiteLLM SQL Injection Vulnerabilitycisa_kev · 2026-05-08
- Working in London at the World’s Largest Intelligence Companyrecordedfuture · 2026-05-08
- Kubernetes security fundamentals: Secretsdatadog_seclabs · 2026-05-08
- Detecting Web Server Probing & Fuzzing in Traefik with Automated Cloudflare Responseelastic_security · 2026-05-08
- [NVD] CVE-2026-42880 (CRITICAL 9.6) — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to exnvd · 2026-05-07
- [NVD] CVE-2026-42499 (HIGH 7.5) — Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.nvd · 2026-05-07
- [NVD] CVE-2026-39820 (HIGH 7.5) — Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.nvd · 2026-05-07
- Shift Happens – Uncovering Two Built-in Command Injections in Windows Context Menusspecterops · 2026-05-07
- Selective NVD enrichment: Why it mattersreversinglabs · 2026-05-07
- Build Fast, Build Secure: Wiz findings are now in Lovablewiz_research · 2026-05-07
- How Cloudflare responded to the “Copy Fail” Linux vulnerabilitycloudflare_security · 2026-05-07
- It's Time to Go After Achieving Zero Code Criticalswiz_research · 2026-05-07
- PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scalesentinelone · 2026-05-07
- Fake call logs, real payments: How CallPhantom tricks Android userswls_eset · 2026-05-07
- Fixing the password problem is as easy as 123456wls_eset · 2026-05-07
- [CISA KEV] CVE-2026-6973 — Ivanti Endpoint Manager Mobile (EPMM): Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerabilitycisa_kev · 2026-05-07
- Quantum Risk Explainedrecordedfuture · 2026-05-07
- TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlookelastic_security · 2026-05-07
- AI Survey: 50% of Organizations Struggle to Maintain Latency at Scaleakamai_blog · 2026-05-06
- Akamai Is the 2026 Gartner® Peer Insights™ Customers’ Choice for API Protectionakamai_blog · 2026-05-06
- Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vulnerabilitycisco_psirt · 2026-05-06
- Cisco Unity Connection Remote Code Execution and Server-Side Request Forgery Vulnerabilitiescisco_psirt · 2026-05-06
- Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerabilitycisco_psirt · 2026-05-06
- Cisco Identity Services Engine Authentication Bypass Vulnerabilitiescisco_psirt · 2026-05-06
- Cisco Prime Infrastructure Information Disclosure Vulnerabilitycisco_psirt · 2026-05-06
- Cisco Slido Insecure Direct Object Reference Vulnerabilitycisco_psirt · 2026-05-06
- Cisco IoT Field Network Director Vulnerabilitiescisco_psirt · 2026-05-06
- The Accidental C2: Exploring Dev Tunnels for Remote Accessspecterops · 2026-05-06
- How We Think about Red Teamingspecterops · 2026-05-06
- The Jenkins Threat Landscapewiz_research · 2026-05-06
- Spectra Analyze in Action: Retrohunting Botsreversinglabs · 2026-05-06
- LABScon25 Replay | Please Connect to the Foreign Entity to Enhance Your User Experiencesentinelone · 2026-05-06
- Critical Buffer Overflow Vulnerability in PAN-OS Exploited in-the-Wildwiz_research · 2026-05-06
- 2026-006: Critical Vulnerability in PAN-OScert_eu · 2026-05-06
- Akamai Cloud Is Built for What Cloud Has Become (Updated May 2026)akamai_blog · 2026-05-06
- [CISA KEV] CVE-2026-0300 — Palo Alto Networks PAN-OS: Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerabilitycisa_kev · 2026-05-06
- Threat Activity Enablers: The Backbone of Today’s Threat Landscaperecordedfuture · 2026-05-06
- Recorded Future Named a Leader in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies. And there’s more.recordedfuture · 2026-05-06
- Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilitiescisco_psirt · 2026-05-05
- How Akamai's Zero Trust Framework Meets Critical U.S. Government Mandatesakamai_blog · 2026-05-05
- How Mythos changes the AppSec calculusreversinglabs · 2026-05-05
- The Other Side of the MCP Threat Conversationakamai_blog · 2026-05-05
- [NVD] CVE-2026-6322 (HIGH 7.5) — fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a rawnvd · 2026-05-05
- Escalating a Windows driver registry bug to a kernel write primitivetrailofbits · 2026-05-05
- A rigged game: ScarCruft compromises gaming platform in a supply-chain attackwls_eset · 2026-05-05
- DNSSEC: The Extra Security Layer That Can Break Your Padlocksucuri_blog · 2026-05-05
- Elastic Workflows GA: automation where your security data already liveselastic_security · 2026-05-05
- Your UEBA is lying to you: Why entity record quality decides everythingelastic_security · 2026-05-05
- Know who to watch before the incident finds youelastic_security · 2026-05-05
- AI-generated hunting leads: The hunt starts before you ask the questionelastic_security · 2026-05-05
- Hacking Embodied AIrecordedfuture · 2026-05-05
- [Breach] Cushman & Wakefield — 310,431 accounts exposedhibp_breaches · 2026-05-05
- [NVD] CVE-2026-42154 (HIGH 7.5) — Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attanvd · 2026-05-04
- [NVD] CVE-2026-42151 (HIGH 7.5) — Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/azuread) was typed as string instead of Secret. Prometheus redacts fields of type nvd · 2026-05-04
- Copirate 365 at DEF CON: Plundering in the Depths of Microsoft Copilot (CVE-2026-24299)embracethered · 2026-05-04
- Elastic Conversational Entity Analytics: threat hunting in a single conversationelastic_security · 2026-05-04
- Copy Fail Flaw: 5 YARA Rules for Detectionreversinglabs · 2026-05-01
- How Much Does Anthropic’s Mythos Change Enterprise Security?intel471 · 2026-05-01
- Preparing for a ‘vulnerability patch wave’ncsc_uk · 2026-05-01
- Overview of Content Published in Aprildidier_stevens · 2026-05-01
- Vulnerability & Patch Roundup — April 2026sucuri_blog · 2026-05-01
- [CISA KEV] CVE-2026-31431 — Linux Kernel: Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerabilitycisa_kev · 2026-05-01
- The Iran War: What You Need to Knowrecordedfuture · 2026-05-01
- DFIR: From alert to root cause using Osquery without leaving Elastic Securityelastic_security · 2026-05-01
- How agentic AI flips the trust modelreversinglabs · 2026-04-30
- Post-quantum encryption for Cloudflare IPsec is generally availablecloudflare_security · 2026-04-30
- 2026-005: High Vulnerability in the Linux Kernel ("Copy Fail")cert_eu · 2026-04-30
- This month in security with Tony Anscombe – April 2026 editionwls_eset · 2026-04-30
- lightning PyPI Compromise: A Bun-Based Credential Stealer in Pythonsnyk · 2026-04-30
- [CISA KEV] CVE-2026-41940 — WebPros cPanel & WHM and WP2 (WordPress Squared): WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerabilitycisa_kev · 2026-04-30
- Risk Scenarios for the US’s Strategic Pivotrecordedfuture · 2026-04-30
- Building with AI: Here's What No Briefing Will Tell Yourecordedfuture · 2026-04-30
- [Breach] Reborn Gaming — 126 accounts exposedhibp_breaches · 2026-04-30
- The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940)watchtowr · 2026-04-29
- Claude adds malware to crypto agentreversinglabs · 2026-04-29
- MCP rug-pull attack worries mountreversinglabs · 2026-04-29
- Extending Ruzzy with LibAFLtrailofbits · 2026-04-29
- "A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packagessnyk · 2026-04-29
- Bridging the Gap to Autonomous Fixes: Snyk and Atlassian Unveil Intelligent Remediation for Jirasnyk · 2026-04-29
- Don't Panic: The Thymeleaf Template Injection That Only Hurts If You Let It (CVE-2026-40478)snyk · 2026-04-29
- Project Swarm: Join the Collective. Defend the Edgegreynoise_blog · 2026-04-29
- Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilitiescisco_psirt · 2026-04-28
- Identity APM Has Gone Mainstream. The Hard Work Is Just Starting.specterops · 2026-04-28
- [CISA KEV] CVE-2024-1708 — ConnectWise ScreenConnect: ConnectWise ScreenConnect Path Traversal Vulnerabilitycisa_kev · 2026-04-28
- [CISA KEV] CVE-2026-32202 — Microsoft Windows: Microsoft Windows Protection Mechanism Failure Vulnerabilitycisa_kev · 2026-04-28
- The Money Mule Solution: What Every Scam Has in Commonrecordedfuture · 2026-04-28