THREAT OPS › Threat News
Threat Intelligence News
2556 reports from 110+ open cyber-threat-intelligence sources — APT activity, malware, vulnerabilities and campaigns, newest first.
- A rigged game: ScarCruft compromises gaming platform in a supply-chain attackwls_eset · 2026-05-05
- DNSSEC: The Extra Security Layer That Can Break Your Padlocksucuri_blog · 2026-05-05
- Elastic Workflows GA: automation where your security data already liveselastic_security · 2026-05-05
- Your UEBA is lying to you: Why entity record quality decides everythingelastic_security · 2026-05-05
- Know who to watch before the incident finds youelastic_security · 2026-05-05
- AI-generated hunting leads: The hunt starts before you ask the questionelastic_security · 2026-05-05
- Hacking Embodied AIrecordedfuture · 2026-05-05
- [Breach] Cushman & Wakefield — 310,431 accounts exposedhibp_breaches · 2026-05-05
- [NVD] CVE-2026-42154 (HIGH 7.5) — Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attanvd · 2026-05-04
- [NVD] CVE-2026-42151 (HIGH 7.5) — Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/azuread) was typed as string instead of Secret. Prometheus redacts fields of type nvd · 2026-05-04
- Copirate 365 at DEF CON: Plundering in the Depths of Microsoft Copilot (CVE-2026-24299)embracethered · 2026-05-04
- Elastic Conversational Entity Analytics: threat hunting in a single conversationelastic_security · 2026-05-04
- From plain English to production rule: AI-native Elasticsearch ES|QL detection in Elastic Securityelastic_security · 2026-05-04
- One agent, the right skills: Elastic Security 9.4 brings domain expertise on demand to every SOC workflowelastic_security · 2026-05-04
- Copy Fail Flaw: 5 YARA Rules for Detectionreversinglabs · 2026-05-01
- How Much Does Anthropic’s Mythos Change Enterprise Security?intel471 · 2026-05-01
- Preparing for a ‘vulnerability patch wave’ncsc_uk · 2026-05-01
- Overview of Content Published in Aprildidier_stevens · 2026-05-01
- Vulnerability & Patch Roundup — April 2026sucuri_blog · 2026-05-01
- [CISA KEV] CVE-2026-31431 — Linux Kernel: Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerabilitycisa_kev · 2026-05-01
- The Iran War: What You Need to Knowrecordedfuture · 2026-05-01
- DFIR: From alert to root cause using Osquery without leaving Elastic Securityelastic_security · 2026-05-01
- How agentic AI flips the trust modelreversinglabs · 2026-04-30
- Post-quantum encryption for Cloudflare IPsec is generally availablecloudflare_security · 2026-04-30
- 2026-005: High Vulnerability in the Linux Kernel ("Copy Fail")cert_eu · 2026-04-30
- This month in security with Tony Anscombe – April 2026 editionwls_eset · 2026-04-30
- lightning PyPI Compromise: A Bun-Based Credential Stealer in Pythonsnyk · 2026-04-30
- [CISA KEV] CVE-2026-41940 — WebPros cPanel & WHM and WP2 (WordPress Squared): WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerabilitycisa_kev · 2026-04-30
- Risk Scenarios for the US’s Strategic Pivotrecordedfuture · 2026-04-30
- Building with AI: Here's What No Briefing Will Tell Yourecordedfuture · 2026-04-30
- [Breach] Reborn Gaming — 126 accounts exposedhibp_breaches · 2026-04-30
- The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940)watchtowr · 2026-04-29
- Claude adds malware to crypto agentreversinglabs · 2026-04-29
- MCP rug-pull attack worries mountreversinglabs · 2026-04-29
- Extending Ruzzy with LibAFLtrailofbits · 2026-04-29
- "A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packagessnyk · 2026-04-29
- Bridging the Gap to Autonomous Fixes: Snyk and Atlassian Unveil Intelligent Remediation for Jirasnyk · 2026-04-29
- Don't Panic: The Thymeleaf Template Injection That Only Hurts If You Let It (CVE-2026-40478)snyk · 2026-04-29
- Project Swarm: Join the Collective. Defend the Edgegreynoise_blog · 2026-04-29
- What is online gambling spam and what can I do about it?sucuri_blog · 2026-04-28
- Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilitiescisco_psirt · 2026-04-28
- Identity APM Has Gone Mainstream. The Hard Work Is Just Starting.specterops · 2026-04-28
- [CISA KEV] CVE-2024-1708 — ConnectWise ScreenConnect: ConnectWise ScreenConnect Path Traversal Vulnerabilitycisa_kev · 2026-04-28
- [CISA KEV] CVE-2026-32202 — Microsoft Windows: Microsoft Windows Protection Mechanism Failure Vulnerabilitycisa_kev · 2026-04-28
- The Money Mule Solution: What Every Scam Has in Commonrecordedfuture · 2026-04-28
- Lazarus Doesn't Need AGIrecordedfuture · 2026-04-28
- [Breach] Vimeo — 119,167 accounts exposedhibp_breaches · 2026-04-28
- Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineerssnyk · 2026-04-27
- Could your choice of metrics be harming your SOC?ncsc_uk · 2026-04-27
- Qinglong task scheduler RCE vulnerabilities exploited in the wild for cryptominingsnyk · 2026-04-27
- Introducing the New Agentic Architecture for Snyk Agent Fix: Faster, Smarter, and More Securesnyk · 2026-04-27
- [Breach] CTT — 468,124 accounts exposedhibp_breaches · 2026-04-26
- My Website Is Hosting a Phishing Page – Now What?sucuri_blog · 2026-04-25
- Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerabilitycisco_psirt · 2026-04-24
- The calm before the ransom: What you see is not all there iswls_eset · 2026-04-24
- [CISA KEV] CVE-2025-29635 — D-Link DIR-823X: D-Link DIR-823X Command Injection Vulnerabilitycisa_kev · 2026-04-24
- [CISA KEV] CVE-2024-7399 — Samsung MagicINFO 9 Server: Samsung MagicINFO 9 Server Path Traversal Vulnerabilitycisa_kev · 2026-04-24
- [CISA KEV] CVE-2024-57728 — SimpleHelp SimpleHelp: SimpleHelp Path Traversal Vulnerabilitycisa_kev · 2026-04-24
- From Overwhelmed to Autonomous: Rethinking Threat Intelligence in 2026recordedfuture · 2026-04-24
- [Breach] Udemy — 1,401,259 accounts exposedhibp_breaches · 2026-04-24
- fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnetsentinelone · 2026-04-23
- AI threats in the wild: The current state of prompt injections on the webgoogle_security · 2026-04-23
- MSSQLHound Now Available in Gospecterops · 2026-04-23
- Microsoft Vibing — capturing screenshots and voice samples without governancedoublepulsar · 2026-04-23
- CVE-2026-33824: Remote Code Execution in Windows IKEv2zdi_blog · 2026-04-23
- Can AppSec keep pace with AI coding?reversinglabs · 2026-04-23
- Snow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suitemandiant_gti · 2026-04-23
- Trailmark turns code into graphstrailofbits · 2026-04-23
- Defending against China-nexus covert networks of compromised devicesncsc_uk · 2026-04-23
- NCSC: Leave passwords in the past - passkeys are the futurencsc_uk · 2026-04-23
- International cyber agencies share fresh advice to defend against China-linked covert networksncsc_uk · 2026-04-23
- Passkeys are more secure than traditional ways to log inncsc_uk · 2026-04-23
- Executive Summary: Defending against China-nexus covert networks of compromised devicesncsc_uk · 2026-04-23
- Supporting AI adoption for UK cyber defencencsc_uk · 2026-04-23
- GopherWhisper: A burrow full of malwarewls_eset · 2026-04-23
- JPMorgan Just Published a Cyber To-Do List and Snyk Covers 8 of the 10 Items. How do you stack up?snyk · 2026-04-23
- Hardcoding Security into Every Commit: The Future of Snyk Secretssnyk · 2026-04-23
- Critical minerals and cyber operationsrecordedfuture · 2026-04-23
- Today, trust is the superpower that makes innovation possiblerecordedfuture · 2026-04-23
- LABScon25 Replay | Are Your Chinese Cameras Spying For You Or On You?sentinelone · 2026-04-22
- Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilitiescisco_psirt · 2026-04-22
- SpecterOps Selected for OpenAI’s Trusted Access for Cyber Programspecterops · 2026-04-22
- Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilitiescisco_psirt · 2026-04-22
- Cisco Catalyst SD-WAN Vulnerabilitiescisco_psirt · 2026-04-22
- LLMmap puts its finger on ML attacksreversinglabs · 2026-04-22
- Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvestingdfirreport · 2026-04-22
- Evolution of Chinese-Language Guarantee Telegram Marketplacesrecordedfuture · 2026-04-22
- AI Hype vs. Reality: Is AI Really Rewriting the Vulnerability Equation?recordedfuture · 2026-04-22
- The Vercel Breach Explains Why Identity Attack Path Management Can’t Waitspecterops · 2026-04-21
- QR Code Phishing Evolves: How to Keep Upreversinglabs · 2026-04-21
- New NGate variant hides in a trojanized NFC payment appwls_eset · 2026-04-21
- Emerging Enterprise Security Risks of AIrecordedfuture · 2026-04-21
- Ransomware negotiations: What CISOs should know before negotiatingintel471 · 2026-04-20
- What the ransom note won’t saywls_eset · 2026-04-20
- The Internet Changes Before the Advisory Dropsgreynoise_blog · 2026-04-20
- [Breach] Canada Life — 237,810 accounts exposedhibp_breaches · 2026-04-20
- [Breach] Aman — 215,563 accounts exposedhibp_breaches · 2026-04-20
- [Breach] Pitney Bowes — 8,243,989 accounts exposedhibp_breaches · 2026-04-20
- [Breach] ADT — 5,488,888 accounts exposedhibp_breaches · 2026-04-20
- Update: cut-bytes.py Version 0.0.18didier_stevens · 2026-04-19