THREAT OPS › Threat News
Threat Intelligence News
2669 reports from 110+ open cyber-threat-intelligence sources — APT activity, malware, vulnerabilities and campaigns, newest first.
- Master C and C++ with our new Testing Handbook chaptertrailofbits · 2026-04-09
- Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8562datadog_seclabs · 2026-04-09
- [NVD] CVE-2026-32591 (MEDIUM 5.2) — A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate externalnvd · 2026-04-08
- Node.js Trust Falls: Dangerous Module Resolution on Windowszdi_blog · 2026-04-08
- Given Enough Agents, All Bugs Become Shallowembracethered · 2026-04-08
- [NVD] CVE-2026-33810 (HIGH 8.2) — When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in thnvd · 2026-04-08
- [NVD] CVE-2026-32283 (HIGH 7.5) — If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.nvd · 2026-04-08
- [NVD] CVE-2026-32280 (HIGH 7.5) — During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tlsnvd · 2026-04-08
- [Breach] 7-Eleven — 185,256 accounts exposedhibp_breaches · 2026-04-08
- Cloudflare targets 2029 for full post-quantum securitycloudflare_security · 2026-04-07
- [NVD] CVE-2026-33816 (CRITICAL 9.8) — Memory-safety vulnerability in github.com/jackc/pgx/v5.nvd · 2026-04-07
- [NVD] CVE-2026-33815 (CRITICAL 9.8) — Memory-safety vulnerability in github.com/jackc/pgx/v5.nvd · 2026-04-07
- What we learned about TEE security from auditing WhatsApp's Private Inferencetrailofbits · 2026-04-07
- As breakout time accelerates, prevention-first cybersecurity takes center stagewls_eset · 2026-04-07
- Introducing C2 Detection: Know When Your Edge Devices Are Calling Home to Attackersgreynoise_blog · 2026-04-07
- [Breach] My Lovely AI — 106,271 accounts exposedhibp_breaches · 2026-04-07
- AI Red Teaming Still Comes Back to Identity, Access, and Attack Pathsspecterops · 2026-04-06
- [NVD] CVE-2026-34986 (HIGH 7.5) — Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWnvd · 2026-04-06
- [Breach] LegionProxy — 10,144 accounts exposedhibp_breaches · 2026-04-06
- Simplifying MBA obfuscation with CoBRAtrailofbits · 2026-04-03
- [Breach] Amtrak — 2,147,679 accounts exposedhibp_breaches · 2026-04-03
- Cisco IOS XE Software Denial of Service Vulnerabilitycisco_psirt · 2026-04-02
- ghostsurf: From NTLM Relay to Browser Session Hijackingspecterops · 2026-04-02
- Google Workspace’s continuous approach to mitigating indirect prompt injectionsgoogle_security · 2026-04-02
- vSphere and BRICKSTORM Malware: A Defender's Guidemandiant_gti · 2026-04-02
- DPRK-Related Campaigns with LNK and GitHub C2fortinet_research · 2026-04-02
- You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701)watchtowr · 2026-04-02
- The Invisible Army: Why IP Reputation Fails Against the Rotation Economygreynoise_blog · 2026-04-02
- Overview of Content Published in Marchdidier_stevens · 2026-04-02
- [Breach] SongTrivia2 — 291,739 accounts exposedhibp_breaches · 2026-04-02
- Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerabilitycisco_psirt · 2026-04-01
- Cisco Evolved Programmable Network Manager Improper Authorization Vulnerabilitycisco_psirt · 2026-04-01
- Ludus SCCM Lab Expansionspecterops · 2026-04-01
- Mutation testing for the agentic eratrailofbits · 2026-04-01
- TeamPCP Supply Chain Attacksintel471 · 2026-04-01
- Digital assets after death: Managing risks to your loved one’s digital estatewls_eset · 2026-04-01
- [NVD] CVE-2026-4800 (HIGH 8.1) — Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. When an anvd · 2026-03-31
- Expanding Attack Path Management to macOS Environmentsspecterops · 2026-03-31
- Turning Geopolitical Tension into Actionable Intelligenceintel471 · 2026-03-31
- VRP 2025 Year in Reviewgoogle_security · 2026-03-31
- JamfHound v1.1 Update: SSO Attack Paths and Okta Additionsspecterops · 2026-03-31
- North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attackmandiant_gti · 2026-03-31
- How we made Trail of Bits AI-native (so far)trailofbits · 2026-03-31
- This month in security with Tony Anscombe – March 2026 editionwls_eset · 2026-03-31
- [NVD] CVE-2026-34881 (MEDIUM 5.0) — OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affectednvd · 2026-03-31
- Compromised axios npm package delivers cross-platform RATdatadog_seclabs · 2026-03-31
- [Breach] Hallmark — 1,736,520 accounts exposedhibp_breaches · 2026-03-31
- GitHub for Beginners: Getting started with GitHub securitygithub_security_lab · 2026-03-30
- Cloudflare Client-Side Security: smarter detection, now open to everyonecloudflare_security · 2026-03-30
- TSUBAME Report Overflow (Jul-Sep 2025)jpcert_blog · 2026-03-30
- Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2)watchtowr · 2026-03-29
- The Sequels Are Never As Good, But We're Still In Pain (Citrix NetScaler CVE-2026-3055 Memory Overread)watchtowr · 2026-03-28
- RSAC 2026 wrap-up – Week in security with Tony Anscombewls_eset · 2026-03-27
- A cunning predator: How Silver Fox preys on Japanese firms this tax seasonwls_eset · 2026-03-27
- Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8561datadog_seclabs · 2026-03-27
- [Breach] ZenBusiness — 5,118,184 accounts exposedhibp_breaches · 2026-03-27
- [NVD] CVE-2026-4926 (HIGH 7.5) — Impact: A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Worknvd · 2026-03-26
- Leveling Up Secure Code Reviews with Claude Codespecterops · 2026-03-26
- Introducing Intelligence Center 3.7: Faster decisions with clearer context across defense and enterpriseeclecticiq · 2026-03-26
- Free TIP Bundles to test, validate, and operationalize threat intelligence fastereclecticiq · 2026-03-26
- [Breach] BreachForums Version 5 — 339,778 accounts exposedhibp_breaches · 2026-03-26
- [NVD] CVE-2025-67030 (HIGH 8.8) — Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary codenvd · 2026-03-25
- Security for the Quantum Era: Implementing Post-Quantum Cryptography in Androidgoogle_security · 2026-03-25
- Try our new dimensional analysis Claude plugintrailofbits · 2026-03-25
- Virtual machines, virtually everywhere – and with real security gapswls_eset · 2026-03-25
- 2026-004: Critical Vulnerability in SharePoint Exploitedcert_eu · 2026-03-25
- CSIRTs Around the World – Azerbaijanjpcert_blog · 2026-03-25
- Ghost Fleet: Half of All New Scanning IPs Last Week Geolocated to Hong Kong — Nearly None Completed a Connectiongreynoise_blog · 2026-03-25
- [Breach] Addi — 34,532,941 accounts exposedhibp_breaches · 2026-03-25
- [Breach] Sound Radix — 292,993 accounts exposedhibp_breaches · 2026-03-25
- Attack Paths Don’t Stop at Identity Providersspecterops · 2026-03-24
- CVE-2025-68613: Zerobot botnet exploits critical vulnerability impacting n8n AI orchestration platformintel471 · 2026-03-24
- RTFM: Read The Fatal Manual – When Vendor Documentation Creates Critical Attack Pathsspecterops · 2026-03-24
- Spotting issues in DeFi with dimensional analysistrailofbits · 2026-03-24
- Cloud workload security: Mind the gapswls_eset · 2026-03-24
- LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaigndatadog_seclabs · 2026-03-24
- 2026-003: Multiple Vulnerabilities in Citrix NetScaler and Citrix ADCcert_eu · 2026-03-23
- GitHub expands application security coverage with AI‑powered detectionsgithub_security_lab · 2026-03-23
- Discovering Unexpected Okta Attack Paths with BloodHoundspecterops · 2026-03-23
- [NVD] CVE-2026-4647 (MEDIUM 6.1) — A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being usnvd · 2026-03-23
- M-Trends 2026: Data, Insights, and Strategies From the Frontlinesmandiant_gti · 2026-03-23
- [NVD] CVE-2026-4601 (HIGH 8.7) — Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalinvd · 2026-03-23
- [NVD] CVE-2026-33186 (CRITICAL 9.1) — gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` ominvd · 2026-03-20
- Move fast and save things: A quick guide to recovering a hacked accountwls_eset · 2026-03-20
- A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746 Pre-Auth RCE)watchtowr · 2026-03-19
- Graph the Planet: Shai-Hulud 2.0specterops · 2026-03-19
- EDR killers explained: Beyond the driverswls_eset · 2026-03-19
- [Breach] Berkadia — 305,216 accounts exposedhibp_breaches · 2026-03-19
- The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actorsmandiant_gti · 2026-03-18
- Introducing Attack Path Management for GitHub in BloodHound Enterprisespecterops · 2026-03-18
- BloodHound Enterprise Expands Beyond Microsoft: Mapping Identity Attack Paths Across Okta, GitHub, and Mac environmentsspecterops · 2026-03-18
- The Most Organized Threat Actors Use Your ITSM (BMC FootPrints Pre-Auth Remote Code Execution Chains)watchtowr · 2026-03-18
- [Breach] Infinite Campus — 137,123 accounts exposedhibp_breaches · 2026-03-18
- Introducing Cyber Threat Exposure Bundle: A Unified Approach to External Riskintel471 · 2026-03-17
- Agent Commander: Promptware-Powered Command and Controlembracethered · 2026-03-17
- Update: oledump.py Version 0.0.85didier_stevens · 2026-03-17
- Update: oledump.py Version 0.0.84didier_stevens · 2026-03-14
- CVE-2026-20127: Critical Cisco SD-WAN vulnerability exploited in wildintel471 · 2026-03-13
- Handala Threat Groupintel471 · 2026-03-13
- Face value: What it takes to fool facial recognitionwls_eset · 2026-03-13