THREAT OPS › Threat News
Threat Intelligence News
2594 reports from 110+ open cyber-threat-intelligence sources — APT activity, malware, vulnerabilities and campaigns, newest first.
- [NVD] CVE-2026-23479 (HIGH 8.8) — Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated anvd · 2026-05-05
- How Mythos changes the AppSec calculusreversinglabs · 2026-05-05
- Turn Intelligence into Action Instantly with Retroactive Threat Detection on Verity471intel471 · 2026-05-05
- [NVD] CVE-2026-6322 (HIGH 7.5) — fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a rawnvd · 2026-05-05
- Escalating a Windows driver registry bug to a kernel write primitivetrailofbits · 2026-05-05
- A rigged game: ScarCruft compromises gaming platform in a supply-chain attackwls_eset · 2026-05-05
- DNSSEC: The Extra Security Layer That Can Break Your Padlocksucuri_blog · 2026-05-05
- Your UEBA is lying to you: Why entity record quality decides everythingelastic_security · 2026-05-05
- Know who to watch before the incident finds youelastic_security · 2026-05-05
- AI-generated hunting leads: The hunt starts before you ask the questionelastic_security · 2026-05-05
- Hacking Embodied AIrecordedfuture · 2026-05-05
- Elastic Workflows GA: automation where your security data already liveselastic_security · 2026-05-05
- [NVD] CVE-2026-6321 (HIGH 7.5) — fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real slashes and parent-directory references, so distinct URIs could collapse onto the same normalizenvd · 2026-05-04
- [NVD] CVE-2026-42154 (HIGH 7.5) — Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attanvd · 2026-05-04
- [NVD] CVE-2026-42151 (HIGH 7.5) — Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/azuread) was typed as string instead of Secret. Prometheus redacts fields of type nvd · 2026-05-04
- Copirate 365 at DEF CON: Plundering in the Depths of Microsoft Copilot (CVE-2026-24299)embracethered · 2026-05-04
- Elastic Conversational Entity Analytics: threat hunting in a single conversationelastic_security · 2026-05-04
- From plain English to production rule: AI-native Elasticsearch ES|QL detection in Elastic Securityelastic_security · 2026-05-04
- One agent, the right skills: Elastic Security 9.4 brings domain expertise on demand to every SOC workflowelastic_security · 2026-05-04
- Copy Fail Flaw: 5 YARA Rules for Detectionreversinglabs · 2026-05-01
- How Much Does Anthropic’s Mythos Change Enterprise Security?intel471 · 2026-05-01
- Preparing for a ‘vulnerability patch wave’ncsc_uk · 2026-05-01
- Overview of Content Published in Aprildidier_stevens · 2026-05-01
- [NVD] CVE-2026-43001 (HIGH 7.9) — An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted appnvd · 2026-05-01
- Vulnerability & Patch Roundup — April 2026sucuri_blog · 2026-05-01
- [CISA KEV] CVE-2026-31431 — Linux Kernel: Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerabilitycisa_kev · 2026-05-01
- The Iran War: What You Need to Knowrecordedfuture · 2026-05-01
- How agentic AI flips the trust modelreversinglabs · 2026-04-30
- Post-quantum encryption for Cloudflare IPsec is generally availablecloudflare_security · 2026-04-30
- 2026-005: High Vulnerability in the Linux Kernel ("Copy Fail")cert_eu · 2026-04-30
- This month in security with Tony Anscombe – April 2026 editionwls_eset · 2026-04-30
- lightning PyPI Compromise: A Bun-Based Credential Stealer in Pythonsnyk · 2026-04-30
- [CISA KEV] CVE-2026-41940 — WebPros cPanel & WHM and WP2 (WordPress Squared): WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerabilitycisa_kev · 2026-04-30
- Risk Scenarios for the US’s Strategic Pivotrecordedfuture · 2026-04-30
- Building with AI: Here's What No Briefing Will Tell Yourecordedfuture · 2026-04-30
- The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940)watchtowr · 2026-04-29
- Claude adds malware to crypto agentreversinglabs · 2026-04-29
- MCP rug-pull attack worries mountreversinglabs · 2026-04-29
- Extending Ruzzy with LibAFLtrailofbits · 2026-04-29
- "A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packagessnyk · 2026-04-29
- Bridging the Gap to Autonomous Fixes: Snyk and Atlassian Unveil Intelligent Remediation for Jirasnyk · 2026-04-29
- Don't Panic: The Thymeleaf Template Injection That Only Hurts If You Let It (CVE-2026-40478)snyk · 2026-04-29
- Project Swarm: Join the Collective. Defend the Edgegreynoise_blog · 2026-04-29
- What is online gambling spam and what can I do about it?sucuri_blog · 2026-04-28
- Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilitiescisco_psirt · 2026-04-28
- Identity APM Has Gone Mainstream. The Hard Work Is Just Starting.specterops · 2026-04-28
- [CISA KEV] CVE-2024-1708 — ConnectWise ScreenConnect: ConnectWise ScreenConnect Path Traversal Vulnerabilitycisa_kev · 2026-04-28
- The Money Mule Solution: What Every Scam Has in Commonrecordedfuture · 2026-04-28
- Lazarus Doesn't Need AGIrecordedfuture · 2026-04-28
- Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineerssnyk · 2026-04-27
- Could your choice of metrics be harming your SOC?ncsc_uk · 2026-04-27
- Introducing the New Agentic Architecture for Snyk Agent Fix: Faster, Smarter, and More Securesnyk · 2026-04-27
- Qinglong task scheduler RCE vulnerabilities exploited in the wild for cryptominingsnyk · 2026-04-27
- My Website Is Hosting a Phishing Page – Now What?sucuri_blog · 2026-04-25
- [NVD] CVE-2026-42044 (MEDIUM 6.5) — Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical, innvd · 2026-04-24
- [NVD] CVE-2026-42039 (HIGH 7.5) — Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixenvd · 2026-04-24
- [NVD] CVE-2026-41898 (MEDIUM 5.3) — rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the usenvd · 2026-04-24
- [NVD] CVE-2026-41681 (HIGH 7.5) — rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the stanvd · 2026-04-24
- [NVD] CVE-2026-41676 (HIGH 7.5) — rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519,nvd · 2026-04-24
- Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerabilitycisco_psirt · 2026-04-24
- The calm before the ransom: What you see is not all there iswls_eset · 2026-04-24
- From Overwhelmed to Autonomous: Rethinking Threat Intelligence in 2026recordedfuture · 2026-04-24
- fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnetsentinelone · 2026-04-23
- AI threats in the wild: The current state of prompt injections on the webgoogle_security · 2026-04-23
- MSSQLHound Now Available in Gospecterops · 2026-04-23
- Microsoft Vibing — capturing screenshots and voice samples without governancedoublepulsar · 2026-04-23
- CVE-2026-33824: Remote Code Execution in Windows IKEv2zdi_blog · 2026-04-23
- Can AppSec keep pace with AI coding?reversinglabs · 2026-04-23
- Snow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suitemandiant_gti · 2026-04-23
- Trailmark turns code into graphstrailofbits · 2026-04-23
- NCSC: Leave passwords in the past - passkeys are the futurencsc_uk · 2026-04-23
- International cyber agencies share fresh advice to defend against China-linked covert networksncsc_uk · 2026-04-23
- Passkeys are more secure than traditional ways to log inncsc_uk · 2026-04-23
- Executive Summary: Defending against China-nexus covert networks of compromised devicesncsc_uk · 2026-04-23
- Supporting AI adoption for UK cyber defencencsc_uk · 2026-04-23
- Defending against China-nexus covert networks of compromised devicesncsc_uk · 2026-04-23
- GopherWhisper: A burrow full of malwarewls_eset · 2026-04-23
- JPMorgan Just Published a Cyber To-Do List and Snyk Covers 8 of the 10 Items. How do you stack up?snyk · 2026-04-23
- Hardcoding Security into Every Commit: The Future of Snyk Secretssnyk · 2026-04-23
- Critical minerals and cyber operationsrecordedfuture · 2026-04-23
- Today, trust is the superpower that makes innovation possiblerecordedfuture · 2026-04-23
- LABScon25 Replay | Are Your Chinese Cameras Spying For You Or On You?sentinelone · 2026-04-22
- Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilitiescisco_psirt · 2026-04-22
- SpecterOps Selected for OpenAI’s Trusted Access for Cyber Programspecterops · 2026-04-22
- Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilitiescisco_psirt · 2026-04-22
- Cisco Catalyst SD-WAN Vulnerabilitiescisco_psirt · 2026-04-22
- LLMmap puts its finger on ML attacksreversinglabs · 2026-04-22
- Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvestingdfirreport · 2026-04-22
- Evolution of Chinese-Language Guarantee Telegram Marketplacesrecordedfuture · 2026-04-22
- AI Hype vs. Reality: Is AI Really Rewriting the Vulnerability Equation?recordedfuture · 2026-04-22
- The Vercel Breach Explains Why Identity Attack Path Management Can’t Waitspecterops · 2026-04-21
- QR Code Phishing Evolves: How to Keep Upreversinglabs · 2026-04-21
- New NGate variant hides in a trojanized NFC payment appwls_eset · 2026-04-21
- Emerging Enterprise Security Risks of AIrecordedfuture · 2026-04-21
- Ransomware negotiations: What CISOs should know before negotiatingintel471 · 2026-04-20
- What the ransom note won’t saywls_eset · 2026-04-20
- The Internet Changes Before the Advisory Dropsgreynoise_blog · 2026-04-20
- Update: cut-bytes.py Version 0.0.18didier_stevens · 2026-04-19
- Breaking Opus 4.7 with ChatGPT (Hacking Claude's Memory)embracethered · 2026-04-17
- Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaignfortinet_research · 2026-04-17