THREAT OPS › Threat News
Threat Intelligence News
2702 reports from 110+ open cyber-threat-intelligence sources — APT activity, malware, vulnerabilities and campaigns, newest first.
- "A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packagessnyk · 2026-04-29
- Bridging the Gap to Autonomous Fixes: Snyk and Atlassian Unveil Intelligent Remediation for Jirasnyk · 2026-04-29
- Don't Panic: The Thymeleaf Template Injection That Only Hurts If You Let It (CVE-2026-40478)snyk · 2026-04-29
- Project Swarm: Join the Collective. Defend the Edgegreynoise_blog · 2026-04-29
- What is online gambling spam and what can I do about it?sucuri_blog · 2026-04-28
- Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilitiescisco_psirt · 2026-04-28
- Identity APM Has Gone Mainstream. The Hard Work Is Just Starting.specterops · 2026-04-28
- [CISA KEV] CVE-2024-1708 — ConnectWise ScreenConnect: ConnectWise ScreenConnect Path Traversal Vulnerabilitycisa_kev · 2026-04-28
- The Money Mule Solution: What Every Scam Has in Commonrecordedfuture · 2026-04-28
- Lazarus Doesn't Need AGIrecordedfuture · 2026-04-28
- [Breach] Vimeo — 119,167 accounts exposedhibp_breaches · 2026-04-28
- Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineerssnyk · 2026-04-27
- Could your choice of metrics be harming your SOC?ncsc_uk · 2026-04-27
- Introducing the New Agentic Architecture for Snyk Agent Fix: Faster, Smarter, and More Securesnyk · 2026-04-27
- Qinglong task scheduler RCE vulnerabilities exploited in the wild for cryptominingsnyk · 2026-04-27
- [Breach] CTT — 468,124 accounts exposedhibp_breaches · 2026-04-26
- My Website Is Hosting a Phishing Page – Now What?sucuri_blog · 2026-04-25
- [NVD] CVE-2026-42044 (MEDIUM 6.5) — Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical, innvd · 2026-04-24
- [NVD] CVE-2026-42039 (HIGH 7.5) — Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixenvd · 2026-04-24
- [NVD] CVE-2026-41898 (MEDIUM 5.3) — rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the usenvd · 2026-04-24
- [NVD] CVE-2026-41681 (HIGH 7.5) — rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the stanvd · 2026-04-24
- [NVD] CVE-2026-41676 (HIGH 7.5) — rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519,nvd · 2026-04-24
- Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerabilitycisco_psirt · 2026-04-24
- The calm before the ransom: What you see is not all there iswls_eset · 2026-04-24
- From Overwhelmed to Autonomous: Rethinking Threat Intelligence in 2026recordedfuture · 2026-04-24
- [Breach] Udemy — 1,401,259 accounts exposedhibp_breaches · 2026-04-24
- fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnetsentinelone · 2026-04-23
- AI threats in the wild: The current state of prompt injections on the webgoogle_security · 2026-04-23
- MSSQLHound Now Available in Gospecterops · 2026-04-23
- Microsoft Vibing — capturing screenshots and voice samples without governancedoublepulsar · 2026-04-23
- CVE-2026-33824: Remote Code Execution in Windows IKEv2zdi_blog · 2026-04-23
- Can AppSec keep pace with AI coding?reversinglabs · 2026-04-23
- Snow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suitemandiant_gti · 2026-04-23
- Trailmark turns code into graphstrailofbits · 2026-04-23
- NCSC: Leave passwords in the past - passkeys are the futurencsc_uk · 2026-04-23
- International cyber agencies share fresh advice to defend against China-linked covert networksncsc_uk · 2026-04-23
- Passkeys are more secure than traditional ways to log inncsc_uk · 2026-04-23
- Executive Summary: Defending against China-nexus covert networks of compromised devicesncsc_uk · 2026-04-23
- Supporting AI adoption for UK cyber defencencsc_uk · 2026-04-23
- Defending against China-nexus covert networks of compromised devicesncsc_uk · 2026-04-23
- GopherWhisper: A burrow full of malwarewls_eset · 2026-04-23
- JPMorgan Just Published a Cyber To-Do List and Snyk Covers 8 of the 10 Items. How do you stack up?snyk · 2026-04-23
- Hardcoding Security into Every Commit: The Future of Snyk Secretssnyk · 2026-04-23
- Critical minerals and cyber operationsrecordedfuture · 2026-04-23
- Today, trust is the superpower that makes innovation possiblerecordedfuture · 2026-04-23
- LABScon25 Replay | Are Your Chinese Cameras Spying For You Or On You?sentinelone · 2026-04-22
- Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilitiescisco_psirt · 2026-04-22
- SpecterOps Selected for OpenAI’s Trusted Access for Cyber Programspecterops · 2026-04-22
- Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilitiescisco_psirt · 2026-04-22
- Cisco Catalyst SD-WAN Vulnerabilitiescisco_psirt · 2026-04-22
- LLMmap puts its finger on ML attacksreversinglabs · 2026-04-22
- Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvestingdfirreport · 2026-04-22
- Evolution of Chinese-Language Guarantee Telegram Marketplacesrecordedfuture · 2026-04-22
- AI Hype vs. Reality: Is AI Really Rewriting the Vulnerability Equation?recordedfuture · 2026-04-22
- The Vercel Breach Explains Why Identity Attack Path Management Can’t Waitspecterops · 2026-04-21
- QR Code Phishing Evolves: How to Keep Upreversinglabs · 2026-04-21
- New NGate variant hides in a trojanized NFC payment appwls_eset · 2026-04-21
- Emerging Enterprise Security Risks of AIrecordedfuture · 2026-04-21
- Ransomware negotiations: What CISOs should know before negotiatingintel471 · 2026-04-20
- What the ransom note won’t saywls_eset · 2026-04-20
- The Internet Changes Before the Advisory Dropsgreynoise_blog · 2026-04-20
- [Breach] Canada Life — 237,810 accounts exposedhibp_breaches · 2026-04-20
- [Breach] Aman — 215,563 accounts exposedhibp_breaches · 2026-04-20
- [Breach] Pitney Bowes — 8,243,989 accounts exposedhibp_breaches · 2026-04-20
- [Breach] ADT — 5,488,888 accounts exposedhibp_breaches · 2026-04-20
- Update: cut-bytes.py Version 0.0.18didier_stevens · 2026-04-19
- [Breach] Carnival — 7,531,359 accounts exposedhibp_breaches · 2026-04-18
- Breaking Opus 4.7 with ChatGPT (Hacking Claude's Memory)embracethered · 2026-04-17
- Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaignfortinet_research · 2026-04-17
- We beat Google’s zero-knowledge proof of quantum cryptanalysistrailofbits · 2026-04-17
- That data breach alert might be a trapwls_eset · 2026-04-17
- 4 Essential Integration Workflows for Operationalizing Threat Intelligence Recorded Futurerecordedfuture · 2026-04-17
- [NVD] CVE-2026-35469 (MEDIUM 6.5) — spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, nvd · 2026-04-16
- Cisco Webex Services Certificate Validation Vulnerabilitycisco_psirt · 2026-04-16
- Into The Rainbow: Google’s NTLMv1 Rainbow Tables Explained in a Bit Too Much Detailspecterops · 2026-04-16
- Vibeware: More than bad vibes for AppSecreversinglabs · 2026-04-16
- VirusTotal Inside the Agent Loopvirustotal_blog · 2026-04-16
- Defending Your Enterprise When AI Models Can Find Vulnerabilities Faster Than Evermandiant_gti · 2026-04-16
- Cisco Secure Web Appliance Authentication Bypass Vulnerabilitycisco_psirt · 2026-04-16
- Supply chain dependencies: Have you checked your blind spot?wls_eset · 2026-04-16
- From Bazooka to Fake Nikesrecordedfuture · 2026-04-16
- The case for dependency cooldowns in a post-axios worlddatadog_seclabs · 2026-04-16
- Cisco Identity Services Engine Remote Code Execution Vulnerabilitiescisco_psirt · 2026-04-15
- Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerabilitycisco_psirt · 2026-04-15
- Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilitiescisco_psirt · 2026-04-15
- Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerabilitycisco_psirt · 2026-04-15
- Cisco Unity Connection Arbitrary File Download Vulnerabilitiescisco_psirt · 2026-04-15
- Cisco Unity Connection Cross-Site Scripting, Open Redirect, and SQL Injection Vulnerabilitiescisco_psirt · 2026-04-15
- Cisco Webex Contact Center Cross-Site Scripting Vulnerabilitycisco_psirt · 2026-04-15
- What’s New in the BloodHound Query Library: BYOL, OpenGraph, Multi-Server, and Morespecterops · 2026-04-15
- The CRA is coming: Are you ready?reversinglabs · 2026-04-15
- The German Cyber Criminal Überfall: Shifts in Europe's Data Leak Landscapemandiant_gti · 2026-04-15
- [NVD] CVE-2026-5588 (HIGH 7.5) — Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules), Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All (pkix modulnvd · 2026-04-15
- [NVD] CVE-2026-0636 (MEDIUM 6.5) — Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from nvd · 2026-04-15
- [NVD] CVE-2025-14813 (HIGH 7.5) — : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBlockCipher. This issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81 nvd · 2026-04-15
- Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-44)jpcert · 2026-04-15
- Your Supply Chain Breach Is Someone Else's Paydayrecordedfuture · 2026-04-15
- [Breach] Kemper — 269,299 accounts exposedhibp_breaches · 2026-04-15
- [Breach] Zara — 197,376 accounts exposedhibp_breaches · 2026-04-15
- The April 2026 Security Update Reviewzdi_blog · 2026-04-14