THREAT OPS › Threat News
Threat Intelligence News
2484 reports from 110+ open cyber-threat-intelligence sources — APT activity, malware, vulnerabilities and campaigns, newest first.
- New Abuse of the ClickOnce Technology, Part 1: The Inner Workings of ClickOnce Application Deploymentcrowdstrike · 2026-07-14
- The Identity Problem Hiding in AI Agent Deploymentscrowdstrike · 2026-07-14
- 94% of Organizations Report Cloud Breaches: CrowdStrike State of CDR Surveycrowdstrike · 2026-07-14
- New Abuse of the ClickOnce Technology, Part 2: Stop Threat Actors from Clicking Once and Staying Forevercrowdstrike · 2026-07-14
- CrowdStrike Uncovers New Prompt Injection Techniquescrowdstrike · 2026-07-14
- How AI-leading Security Teams Are Building the Agentic SOCcrowdstrike · 2026-07-14
- Browser Security: Zero-Days Are Only Part of the Problemcrowdstrike · 2026-07-14
- Falcon Cloud Security June 2026 Release: Updates for Azure and Google Cloudcrowdstrike · 2026-07-14
- Why AI Governance Without Guardrails Is Theatercrowdstrike · 2026-07-14
- Falcon Secure Access Sets the Standard for Zero Trust Browser Securitycrowdstrike · 2026-07-14
- Microsoft Maps Year-Long ShinyHunters-Linked Salesforce Data Theft Across Three Pathsthehackernews · 2026-07-14
- Top 5 AI Security Risks in 2026groupib_blog · 2026-07-14
- Phishing & Email Security: An AI-Ready Playbookgroupib_blog · 2026-07-14
- Beyond Tax Returns: How Shared Malware Infrastructure Scales Brand Abuse In Indonesiagroupib_blog · 2026-07-14
- Shaping Shadows: Breaking Down New ShadowSyndicate Methods and Infrastructuregroupib_blog · 2026-07-14
- AI, Explain Yourself: Why Is Explainable AI (XAI) Becoming Critical for Cybersecurity?groupib_blog · 2026-07-14
- Your Cloud(s). Adversaries’ Chance At Controlgroupib_blog · 2026-07-14
- Peruvian Peaks: The Digital Loan Illusiongroupib_blog · 2026-07-14
- Six Supply Chain Attack Groups to Watch Out for in 2026groupib_blog · 2026-07-14
- GTFire Phishing Scheme: Avoiding Detection Using Google Servicesgroupib_blog · 2026-07-14
- Operation Olalampo: Inside MuddyWater’s Latest Campaigngroupib_blog · 2026-07-14
- How Hastalamuerte Operates: Group-IB’s Analysis of The Gentlemen’s Attack Methodsgroupib_blog · 2026-07-14
- The Rise of Fake Shipment Tracking Scams in MEAgroupib_blog · 2026-07-14
- Are Risks Revealed in Actions or Activity? Understanding Behavioral Analytics in Cybersecuritygroupib_blog · 2026-07-14
- Cyber Saga: In the Footsteps of the DPRK IT Workersgroupib_blog · 2026-07-14
- Hooking the Archipelago: Dissecting a Phishing Campaign Targeting Philippine Banking Usersgroupib_blog · 2026-07-14
- Phantom Stealer: Credential Theft as a Servicegroupib_blog · 2026-07-14
- Beyond Compliance: How Financial Institutions Can Meet New Fraud-Sharing Mandates While Respecting Privacygroupib_blog · 2026-07-14
- Cybersecurity Strategy Planning: The Essential Reset for Security Teams and Leaders in 2026groupib_blog · 2026-07-14
- Esquema de Phishing GTFire: Evitando la detección mediante servicios de Googlegroupib_blog · 2026-07-14
- Cloud Phones: The Invisible Threatgroupib_blog · 2026-07-14
- Online Payment Fraud Prevention: Best Practices for Organizationsgroupib_blog · 2026-07-14
- Volume Obfuscation Game: The Lead Data Brokers Out To Waste Your Timegroupib_blog · 2026-07-14
- Phoenix Rising: Exposing the PhaaS Kit Behind Global Mass Phishing Campaignsgroupib_blog · 2026-07-14
- Anatomy of a Fraud Operation: Mule Account Creation on B2B Fintech Platforms in Francegroupib_blog · 2026-07-14
- W3LL Unmasked: Inside the Takedown of a Global BEC Phishing-as-a-Service Ecosystemgroupib_blog · 2026-07-14
- Seven Signals Cyber Experts Agreed on at FIRST Paris 2026groupib_blog · 2026-07-14
- GitBait: Phishing the Mexican Financial Sectorgroupib_blog · 2026-07-14
- CVE-2026-62393: Apache Kylin: Improper authorization in job information retrievaloss_sec · 2026-07-14
- [qilin] Sedemi posted to leak siteransomware_live · 2026-07-14
- Accelerating Post-Quantum Readiness Timelines: A New Executive Order on Securing Against Advanced Cryptographic Attackszscaler_threatlabz · 2026-07-14
- GitBait: Phishing dirigido al sector financiero mexicanogroupib_blog · 2026-07-14
- CVE-2026-62392: Apache Kylin: OS Command Injection via Async Query APIoss_sec · 2026-07-14
- Falcon Cloud Security June 2026 Release: Updates for Azure and Google Cloudcrowdstrike · 2026-07-14
- The Identity Problem Hiding in AI Agent Deploymentscrowdstrike · 2026-07-14
- 94% of Organizations Report Cloud Breaches: CrowdStrike State of CDR Surveycrowdstrike · 2026-07-14
- New Abuse of the ClickOnce Technology, Part 2: Stop Threat Actors from Clicking Once and Staying Forevercrowdstrike · 2026-07-14
- New Abuse of the ClickOnce Technology, Part 1: The Inner Workings of ClickOnce Application Deploymentcrowdstrike · 2026-07-14
- Why AI Governance Without Guardrails Is Theatercrowdstrike · 2026-07-14
- Falcon Secure Access Sets the Standard for Zero Trust Browser Securitycrowdstrike · 2026-07-14
- CrowdStrike Uncovers New Prompt Injection Techniquescrowdstrike · 2026-07-14
- How AI-leading Security Teams Are Building the Agentic SOCcrowdstrike · 2026-07-14
- Browser Security: Zero-Days Are Only Part of the Problemcrowdstrike · 2026-07-14
- CVE-2026-62390: Apache Kylin: SQL Injection Vulnerability in Catalog Cache Refresh APIoss_sec · 2026-07-14
- ISC Stormcast For Tuesday, July 14th, 2026 https://isc.sans.edu/podcastdetail/10006, (Tue, Jul 14th)sans_isc · 2026-07-14
- CVE-2026-58319: Apache Doris: Improper Authentication in Frontend HTTP APIoss_sec · 2026-07-14
- Re: new af_alg exploit in the wild?oss_sec · 2026-07-14
- Caught in the Octopus Trap: Unauthenticated RCE in Argo CD with CodeQLsynacktiv · 2026-07-14
- Charting your way in: Helm template injectionsynacktiv · 2026-07-14
- US Sanctions First VPN Cybercriminal Serviceduo_decipher · 2026-07-14
- API Availablehkma · 2026-07-14
- Press Releaseshkma · 2026-07-14
- R & M Columnhkma · 2026-07-14
- Forthcoming Eventshkma · 2026-07-14
- Photo Galleryhkma · 2026-07-14
- News and Mediahkma · 2026-07-14
- AI Security Report 2026checkpoint_research · 2026-07-14
- [GHSA] GHSA-rw46-qg69-vg6h (medium) — Kimai: ExportTemplate CRUD Missing Authorization Check Allows Unauthorized TEAMLEAD Accessgithub_advisories · 2026-07-14
- [GHSA] GHSA-v8hx-4vx8-wc96 (high) — Kimai: Pre-2FA KIMAI_SESSION cookie grants full authenticated REST API access, bypassing TOTPgithub_advisories · 2026-07-14
- Re: new af_alg exploit in the wild?oss_sec · 2026-07-14
- [Tor] 1382 active exit nodes — anonymizing infrastructure (2026-07-14)tor_exits · 2026-07-14
- [dragonforce] momenta.cn posted to leak siteransomware_live · 2026-07-14
- [GHSA] GHSA-2xgg-2x8h-8xw4 (medium) — Kimai: Improper Authorization in Project, Customer, and Activity Rate Edit Endpoints Allows Cross-Scope Rate Manipulationgithub_advisories · 2026-07-14
- [GHSA] GHSA-xv4r-4885-gwpg (medium) — Kimai has Improper Authorization in Team Member and Team Activity Assignment APIs Which Allows Expansion of Team Scope Beyond Authorized Visibilitygithub_advisories · 2026-07-14
- [GHSA] GHSA-jr9p-4h4j-6c58 (critical) — Kimai: Default APP_SECRET in Docker Image Enables Cookie Forgery and Account Takeovergithub_advisories · 2026-07-14
- [GHSA] GHSA-r8vr-m544-qh4h (medium) — Kimai: Login CSRF in the Timesheet Stop and Restart API Endpoints Allows Unauthorized State Changesgithub_advisories · 2026-07-14
- [GHSA] GHSA-c6w6-57jj-62vh (medium) — Improper Authorization in Kimai Timesheet Restart and Duplicate Allows New Timesheets After Project Access Revocationgithub_advisories · 2026-07-14
- [GHSA] GHSA-3q6q-26vg-v97x (medium) — Kimai: Improper Authorization Through Activity Creation with Preset Project Allows Creation Under Unauthorized Projectsgithub_advisories · 2026-07-14
- Compromised AsyncAPI packages on npm deliver malwaredatadog_seclabs · 2026-07-14
- The FBI Warned About Fake Permit Fees. The Harder Question Is Where the Money Goes. | Recorded Futurerecordedfuture · 2026-07-14
- [GHSA] GHSA-vrr2-g9gh-c3jc (medium) — Kimai: Timesheet PATCH/POST allows assigning to project outside user's team via query_builder OR-bypassgithub_advisories · 2026-07-13
- [GHSA] GHSA-4m8q-55qv-9pwp (medium) — Kimai: Teamlead authorization bypass in GET /api/timesheets allows reading other users' timesheet records without being teamlead of the targetgithub_advisories · 2026-07-13
- [GHSA] GHSA-pgcc-vfmc-7cw5 (medium) — Kimai: Login CSRF in Default Team Creation Endpoints Allows Unauthorized Team and Permission Structure Changesgithub_advisories · 2026-07-13
- new af_alg exploit in the wild?oss_sec · 2026-07-13
- Millenium: A RAT Rewritten, A Threat Multipliedgroupib_blog · 2026-07-13
- Brace Before The Impact: 7 Signals Your Organization Needs A Cybersecurity Services Retainergroupib_blog · 2026-07-13
- The $48 Billion Blind Spot: Why Merchants Pay for Card Breaches They Can’t Seegroupib_blog · 2026-07-13
- [GHSA] GHSA-8f6j-263m-g72x (medium) — Apple App Store Server Python Library: SignedDataVerifier accepts stale OCSP GOOD responses and can bypass certificate revocation checksgithub_advisories · 2026-07-13
- [GHSA] GHSA-xf7x-x43h-rpqh (high) — json_repair: Circular JSON Schema `$ref` causes unbounded CPU DoSgithub_advisories · 2026-07-13
- [GHSA] GHSA-c67f-gmxw-mj93 (critical) — FacturaScripts: Account takeover of any 2FA-enabled usergithub_advisories · 2026-07-13
- Hackers steal Lidl customer data from external service providerthe_record · 2026-07-13
- 2 CVEs Crypt::OpenSSL::X509 versions before 2.1.3oss_sec · 2026-07-13
- The GHOST STADIUM Score: Billions At Stake At The World’s Largest Football Tournamentgroupib_blog · 2026-07-13
- KYC: Bypass age verification using generative video modelssynacktiv · 2026-07-13
- Defending SaaS-based applications against ShinyHunters OAuth abusemsstic · 2026-07-13
- Between Two Nerds: Exploits are not cyber powerriskybiz_news · 2026-07-13
- Completing Compliance with Evidence : A Bottom-Up Approach to NIS2, DORA, and the Cyber Resilience Actsynacktiv · 2026-07-13
- [qilin] Counts & Dobyns posted to leak siteransomware_live · 2026-07-13
- [qilin] Centro Científico e Cultural de Macau posted to leak siteransomware_live · 2026-07-13
- [qilin] Jakub A.S. posted to leak siteransomware_live · 2026-07-13