THREAT OPS › Threat News
Threat Intelligence News
2681 reports from 110+ open cyber-threat-intelligence sources — APT activity, malware, vulnerabilities and campaigns, newest first.
- AI Is Building Your Attack Surface. Are You Testing It?snyk · 2026-03-19
- The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actorsmandiant_gti · 2026-03-18
- Introducing Attack Path Management for GitHub in BloodHound Enterprisespecterops · 2026-03-18
- BloodHound Enterprise Expands Beyond Microsoft: Mapping Identity Attack Paths Across Okta, GitHub, and Mac environmentsspecterops · 2026-03-18
- The Most Organized Threat Actors Use Your ITSM (BMC FootPrints Pre-Auth Remote Code Execution Chains)watchtowr · 2026-03-18
- [Breach] Infinite Campus — 137,123 accounts exposedhibp_breaches · 2026-03-18
- Introducing Cyber Threat Exposure Bundle: A Unified Approach to External Riskintel471 · 2026-03-17
- Agent Commander: Promptware-Powered Command and Controlembracethered · 2026-03-17
- Update: oledump.py Version 0.0.85didier_stevens · 2026-03-17
- Update: oledump.py Version 0.0.84didier_stevens · 2026-03-14
- CVE-2026-20127: Critical Cisco SD-WAN vulnerability exploited in wildintel471 · 2026-03-13
- Handala Threat Groupintel471 · 2026-03-13
- Face value: What it takes to fool facial recognitionwls_eset · 2026-03-13
- Update: pdf-parser.py Version 0.7.14didier_stevens · 2026-03-13
- [Breach] Divine Skins — 105,814 accounts exposedhibp_breaches · 2026-03-13
- OpenClaw: A viral AI assistant and a magnet for infostealer malware and ClickFix trickeryintel471 · 2026-03-12
- [NVD] CVE-2026-32141 (HIGH 7.5) — flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causnvd · 2026-03-12
- Announcing Pwn2Own Berlin for 2026zdi_blog · 2026-03-12
- Cyber fallout from the Iran war: What to have on your radarwls_eset · 2026-03-12
- Announcing Cloudflare Account Abuse Protection: prevent fraudulent attacks from bots and humanscloudflare_security · 2026-03-12
- Study of Binaries Created with Rust through Reverse Engineeringjpcert_blog · 2026-03-12
- Announcing Cloudflare Account Abuse Protection: prevent fraudulent attacks from bots and humanscloudflare_security · 2026-03-12
- [Breach] Crunchyroll — 1,195,684 accounts exposedhibp_breaches · 2026-03-12
- AI Security for Apps is now generally availablecloudflare_security · 2026-03-11
- AI Security for Apps is now generally availablecloudflare_security · 2026-03-11
- [NVD] CVE-2026-31837 (HIGH 7.5) — Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resourcnvd · 2026-03-10
- The March 2026 Security Update Reviewzdi_blog · 2026-03-10
- Investigating multi-vector attacks in Log Explorercloudflare_security · 2026-03-10
- Sednit reloaded: Back in the trencheswls_eset · 2026-03-10
- GreyNoise Integrates with Google Security Operations to Enhance Detection and Response Capabilitiesgreynoise_blog · 2026-03-10
- Uncovering agent logging gaps in Copilot Studiodatadog_seclabs · 2026-03-10
- Israeli, US strikes against Iran triggers a surge in hacktivist activityintel471 · 2026-03-09
- Active defense: introducing a stateful vulnerability scanner for APIscloudflare_security · 2026-03-09
- Behind the console: Active phishing campaign targeting AWS console credentialsdatadog_seclabs · 2026-03-09
- [Breach] Baydöner — 1,266,822 accounts exposedhibp_breaches · 2026-03-08
- [NVD] CVE-2026-27137 (HIGH 7.5) — When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.nvd · 2026-03-06
- [NVD] CVE-2026-25679 (HIGH 7.5) — url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.nvd · 2026-03-06
- [NVD] CVE-2026-29063 (CRITICAL 9.8) — Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs. This issue has been patched in versions 3.8nvd · 2026-03-06
- What cybersecurity actually does for your businesswls_eset · 2026-03-06
- JSAC2026 -Workshop/Lightning Talk Session/Panel Discussion-jpcert_blog · 2026-03-06
- [Breach] CFGI — 248,235 accounts exposedhibp_breaches · 2026-03-06
- [Breach] Aura — 903,080 accounts exposedhibp_breaches · 2026-03-06
- CVE-2026-1731: Finding a critical RCE in an age of AI-driven vulnerability researchintel471 · 2026-03-05
- On the Effectiveness of Mutational Grammar Fuzzingproject_zero · 2026-03-05
- Born to bypass MFA: Taking down Tycoon 2FAintel471 · 2026-03-04
- GreyNoise Intelligence Is Available Across the CrowdStrike Falcon Platformgreynoise_blog · 2026-03-04
- [Breach] Woflow — 447,593 accounts exposedhibp_breaches · 2026-03-04
- [Breach] SUCCESS — 253,510 accounts exposedhibp_breaches · 2026-03-04
- Sometimes, You Can Just Feel The Security In The Design (Juniper Junos Evolved CVE-2026-21902 Pre-Auth RCE)watchtowr · 2026-03-03
- [Breach] Ameriprise — 502,597 accounts exposedhibp_breaches · 2026-03-02
- Cultivating a robust and efficient quantum-safe HTTPSgoogle_security · 2026-02-27
- JSAC2026 -Day 2-jpcert_blog · 2026-02-27
- Active Reconnaissance Campaign Targets SonicWall Firewalls Through Commercial Proxy Infrastructuregreynoise_blog · 2026-02-27
- Hook, line, and vault: A technical deep dive into the 1Phish kitdatadog_seclabs · 2026-02-27
- 2026-002: Multiple Vulnerabilities in Cisco Productscert_eu · 2026-02-26
- A Deep Dive into the GetProcessHandleFromHwnd APIproject_zero · 2026-02-26
- Buy A Help Desk, Bundle A Remote Access Solution? (SolarWinds Web Help Desk Pre-Auth RCE Chain(s))watchtowr · 2026-02-25
- Staying One Step Ahead: Strengthening Android’s Lead in Scam Protectiongoogle_security · 2026-02-25
- The UK Cyber Security Resilience Billintel471 · 2026-02-24
- 2026 GreyNoise State of the Edge Report: Where Attacks Concentrate and Defenses Fall Shortgreynoise_blog · 2026-02-24
- Apache ActiveMQ Exploit Leads to LockBit Ransomwaredfirreport · 2026-02-23
- [NVD] CVE-2026-25896 (CRITICAL 9.3) — fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attnvd · 2026-02-20
- How AI and the human advantage beat tomorrow’s threatsintel471 · 2026-02-20
- JSAC2026 -Day 1-jpcert_blog · 2026-02-20
- CVE-2026-20841: Arbitrary Code Execution in the Windows Notepadzdi_blog · 2026-02-19
- [NVD] CVE-2026-26278 (HIGH 7.5) — fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML inpunvd · 2026-02-19
- Keeping Google Play & Android app ecosystems safe in 2025google_security · 2026-02-19
- Kubernetes project issues warning on Ingress NGINX retirementdatadog_seclabs · 2026-02-19
- [NVD] CVE-2026-24734 (HIGH 7.5) — Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revonvd · 2026-02-17
- Multiple Threat Actors Rapidly Exploit React2Shell: A Case Study of Active Compromisejpcert_blog · 2026-02-13
- Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here's What We See So Fargreynoise_blog · 2026-02-12
- [NVD] CVE-2025-69873 (LOW 2.9) — ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp(nvd · 2026-02-11
- Winter Olympics 2026: Hacktivism Surges Ahead of Protests and Suspected Sabotageintel471 · 2026-02-11
- Scary Agent Skills: Hidden Unicode Instructions in Skills ...And How To Catch Themembracethered · 2026-02-11
- The February 2026 Security Update Reviewzdi_blog · 2026-02-10
- How Threat Hunting and “Good” Metrics Help The Businessintel471 · 2026-02-10
- Active Ivanti Exploitation Traced to Single Bulletproof IP—Published IOC Lists Point Elsewheregreynoise_blog · 2026-02-10
- [NVD] CVE-2026-25639 (HIGH 7.5) — Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providinvd · 2026-02-09
- Likely fake ransomware operator 0APT causes panic — Our analysisintel471 · 2026-02-06
- CVE-2025-6978: Arbitrary Code Execution in the Arista NG Firewallzdi_blog · 2026-02-05
- Top 10 web hacking techniques of 2025portswigger_research · 2026-02-05
- OpenAI Explains URL-Based Data Exfiltration Mitigations in New Paperembracethered · 2026-02-05
- From Automation to Infection (Part II): Reverse Shells, Semantic Worms, and Cognitive Rootkits in OpenClaw Skillsvirustotal_blog · 2026-02-04
- New in Event Feeds: Vendor CVE Spike & Tag Spikegreynoise_blog · 2026-02-03
- From Automation to Infection: How OpenClaw AI Agent Skills Are Being Weaponizedvirustotal_blog · 2026-02-02
- React Server Components Exploitation Consolidates as Two IPs Generate Majority of Attack Trafficgreynoise_blog · 2026-02-02
- The Noise in the Silence: Unmasking CISA's Hidden KEV Ransomware Updatesgreynoise_blog · 2026-02-02
- Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340)watchtowr · 2026-01-30
- 2026-001: Critical vulnerabilities in Ivanti EPMMcert_eu · 2026-01-30
- Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529project_zero · 2026-01-30
- [Breach] Provecho — 712,904 accounts exposedhibp_breaches · 2026-01-30
- Hunting APTs: from state policy to TTPsintel471 · 2026-01-29
- [NVD] CVE-2025-61726 (HIGH 7.5) — The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a lanvd · 2026-01-28
- GreyNoise Introduces Recall: Time-Series Intelligence for GreyNoise Query Language (GNQL)greynoise_blog · 2026-01-28
- CrazyHunter Ransomwareintel471 · 2026-01-27
- New Android Theft Protection Feature Updates: Smarter, Strongergoogle_security · 2026-01-27
- [NVD] CVE-2026-21721 (HIGH 8.1) — The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑intnvd · 2026-01-27
- Bypassing Windows Administrator Protectionproject_zero · 2026-01-26
- [Breach] Edmunds — 177,860 accounts exposedhibp_breaches · 2026-01-24
- Pwn2Own Automotive 2026 - Day Three Results and the Master of Pwnzdi_blog · 2026-01-23