THREAT OPS › Threat News
Threat Intelligence News
2520 reports from 110+ open cyber-threat-intelligence sources — APT activity, malware, vulnerabilities and campaigns, newest first.
- Re: new af_alg exploit in the wild?oss_sec · 2026-07-14
- [Tor] 1382 active exit nodes — anonymizing infrastructure (2026-07-14)tor_exits · 2026-07-14
- [dragonforce] momenta.cn posted to leak siteransomware_live · 2026-07-14
- [GHSA] GHSA-2xgg-2x8h-8xw4 (medium) — Kimai: Improper Authorization in Project, Customer, and Activity Rate Edit Endpoints Allows Cross-Scope Rate Manipulationgithub_advisories · 2026-07-14
- [GHSA] GHSA-xv4r-4885-gwpg (medium) — Kimai has Improper Authorization in Team Member and Team Activity Assignment APIs Which Allows Expansion of Team Scope Beyond Authorized Visibilitygithub_advisories · 2026-07-14
- [GHSA] GHSA-jr9p-4h4j-6c58 (critical) — Kimai: Default APP_SECRET in Docker Image Enables Cookie Forgery and Account Takeovergithub_advisories · 2026-07-14
- [GHSA] GHSA-r8vr-m544-qh4h (medium) — Kimai: Login CSRF in the Timesheet Stop and Restart API Endpoints Allows Unauthorized State Changesgithub_advisories · 2026-07-14
- [GHSA] GHSA-c6w6-57jj-62vh (medium) — Improper Authorization in Kimai Timesheet Restart and Duplicate Allows New Timesheets After Project Access Revocationgithub_advisories · 2026-07-14
- [GHSA] GHSA-3q6q-26vg-v97x (medium) — Kimai: Improper Authorization Through Activity Creation with Preset Project Allows Creation Under Unauthorized Projectsgithub_advisories · 2026-07-14
- Compromised AsyncAPI packages on npm deliver malwaredatadog_seclabs · 2026-07-14
- The FBI Warned About Fake Permit Fees. The Harder Question Is Where the Money Goes. | Recorded Futurerecordedfuture · 2026-07-14
- [CISA KEV] CVE-2026-56155 — Microsoft Active Directory Federation Services: Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability cisa_kev · 2026-07-14
- [CISA KEV] CVE-2026-56164 — Microsoft SharePoint Server: Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerabilitycisa_kev · 2026-07-14
- [GHSA] GHSA-vrr2-g9gh-c3jc (medium) — Kimai: Timesheet PATCH/POST allows assigning to project outside user's team via query_builder OR-bypassgithub_advisories · 2026-07-13
- [GHSA] GHSA-4m8q-55qv-9pwp (medium) — Kimai: Teamlead authorization bypass in GET /api/timesheets allows reading other users' timesheet records without being teamlead of the targetgithub_advisories · 2026-07-13
- [GHSA] GHSA-pgcc-vfmc-7cw5 (medium) — Kimai: Login CSRF in Default Team Creation Endpoints Allows Unauthorized Team and Permission Structure Changesgithub_advisories · 2026-07-13
- new af_alg exploit in the wild?oss_sec · 2026-07-13
- Millenium: A RAT Rewritten, A Threat Multipliedgroupib_blog · 2026-07-13
- Brace Before The Impact: 7 Signals Your Organization Needs A Cybersecurity Services Retainergroupib_blog · 2026-07-13
- The $48 Billion Blind Spot: Why Merchants Pay for Card Breaches They Can’t Seegroupib_blog · 2026-07-13
- [GHSA] GHSA-8f6j-263m-g72x (medium) — Apple App Store Server Python Library: SignedDataVerifier accepts stale OCSP GOOD responses and can bypass certificate revocation checksgithub_advisories · 2026-07-13
- [GHSA] GHSA-xf7x-x43h-rpqh (high) — json_repair: Circular JSON Schema `$ref` causes unbounded CPU DoSgithub_advisories · 2026-07-13
- [GHSA] GHSA-c67f-gmxw-mj93 (critical) — FacturaScripts: Account takeover of any 2FA-enabled usergithub_advisories · 2026-07-13
- Hackers steal Lidl customer data from external service providerthe_record · 2026-07-13
- 2 CVEs Crypt::OpenSSL::X509 versions before 2.1.3oss_sec · 2026-07-13
- The GHOST STADIUM Score: Billions At Stake At The World’s Largest Football Tournamentgroupib_blog · 2026-07-13
- KYC: Bypass age verification using generative video modelssynacktiv · 2026-07-13
- Defending SaaS-based applications against ShinyHunters OAuth abusemsstic · 2026-07-13
- Between Two Nerds: Exploits are not cyber powerriskybiz_news · 2026-07-13
- Completing Compliance with Evidence : A Bottom-Up Approach to NIS2, DORA, and the Cyber Resilience Actsynacktiv · 2026-07-13
- [qilin] Counts & Dobyns posted to leak siteransomware_live · 2026-07-13
- [qilin] Centro Científico e Cultural de Macau posted to leak siteransomware_live · 2026-07-13
- [qilin] Jakub A.S. posted to leak siteransomware_live · 2026-07-13
- [qilin] Cemoi posted to leak siteransomware_live · 2026-07-13
- [qilin] Busscar de Colombia posted to leak siteransomware_live · 2026-07-13
- EU leaders eye social media ban for children under age 13the_record · 2026-07-13
- [titan] DataOstrov s.r.o. posted to leak siteransomware_live · 2026-07-13
- [titan] Ozmit s.r.o. posted to leak siteransomware_live · 2026-07-13
- What the ECB’s AI Cybersecurity Letter Means for Significant Institutionshorizon3 · 2026-07-13
- Japan's largest taxi operator shuts systems after cyberattackbleepingcomputer · 2026-07-13
- [titan] Cooperate consulting CZ s.r.o. posted to leak siteransomware_live · 2026-07-13
- Request for Comments: CARE and Maven Centralsonatype · 2026-07-13
- [qilin] Hillebrand Home Health posted to leak siteransomware_live · 2026-07-13
- Hackers backdoor Jscrambler npm package with infostealer malwarebleepingcomputer · 2026-07-13
- Creating a "Two-Face" Rust binary on Linuxsynacktiv · 2026-07-13
- Paint it blue: Attacking the bluetooth stacksynacktiv · 2026-07-13
- Beyond ACLs: Mapping Windows Privilege Escalation Paths with BloodHoundsynacktiv · 2026-07-13
- On the clock: Escaping VMware Workstation at Pwn2Own Berlin 2025synacktiv · 2026-07-13
- Wireless-(in)Fidelity: Pentesting Wi-Fi in 2025synacktiv · 2026-07-13
- Livewire: remote command execution through unmarshalingsynacktiv · 2026-07-13
- Exploiting Anno 1404synacktiv · 2026-07-13
- ActivID administrator account takeover : the story behind HID-PSA-2025-002synacktiv · 2026-07-13
- 2025 Winter Challenge: Quinindromesynacktiv · 2026-07-13
- Breaking the BeeStation: Inside Our Pwn2Own 2025 Exploit Journeysynacktiv · 2026-07-13
- Site Unseen: Enumerating and Attacking Active Directory Sitessynacktiv · 2026-07-13
- Bypassing Windows authentication reflection mitigations for SYSTEM shells - Part 1synacktiv · 2026-07-13
- Say hi to Pike!synacktiv · 2026-07-13
- Hooking Windows Named Pipessynacktiv · 2026-07-13
- Kubernetes forensics 1/3: what the container ?synacktiv · 2026-07-13
- Exploring cross-domain & cross-forest RBCDsynacktiv · 2026-07-13
- Deep-dive into the deployment of an on-premise low-privileged LLM serversynacktiv · 2026-07-13
- mitmproxy for fun and profit: Interception and Analysis of Application Trafficsynacktiv · 2026-07-13
- 2025 winter challenge writeupsynacktiv · 2026-07-13
- The SQL Server Unicode problem: why your data might not be what you think it is?synacktiv · 2026-07-13
- Exploring cross-domain & cross-forest RBCD: part 2synacktiv · 2026-07-13
- Surviving the surge of new Linux LPE : Defense in Depth not deadsynacktiv · 2026-07-13
- Exploiting the Tesla Wall Connector from its charge port connector - Part 2: bypassing the anti-downgradesynacktiv · 2026-07-13
- Make it Blink: Over-the-Air Exploitation of the Philips Hue Bridgesynacktiv · 2026-07-13
- Bypassing Windows authentication reflection mitigations for SYSTEM shells - Part ②synacktiv · 2026-07-13
- [qilin] URH Hoteliers posted to leak siteransomware_live · 2026-07-13
- New CrashStealer malware poses as Apple crash reporting toolbleepingcomputer · 2026-07-13
- VPN service favored by ransomware groups is sanctioned by USthe_record · 2026-07-13
- [GHSA] GHSA-7xw9-549r-8jrc (high) — DIRAC: SQL injection and lack of access control in PilotManager servicegithub_advisories · 2026-07-13
- [GHSA] GHSA-vg99-gr89-qhw9 (high) — DIRAC: Pilot code downloaded over unverified HTTPS connectiongithub_advisories · 2026-07-13
- [qilin] TitanTV, Inc. posted to leak siteransomware_live · 2026-07-13
- Understanding Illicit Ecosystems: How Dark Web Forums Structure Cybercrimeflashpoint · 2026-07-13
- CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checksthehackernews · 2026-07-13
- Meeting the ECB’s AI-Enabled Cybersecurity Mandate with NodeZero®horizon3 · 2026-07-13
- Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Foundthehackernews · 2026-07-13
- Microsoft Entra ID security updates: Passkeys are the default authentication method in Entra IDmsstic · 2026-07-13
- [safepay] shuttlemeadowcc.com posted to leak siteransomware_live · 2026-07-13
- [dragonforce] Northeast Rescue Systems posted to leak siteransomware_live · 2026-07-13
- CISA warns of actively exploited RCE flaws in Joomla extensionsbleepingcomputer · 2026-07-13
- ⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and Morethehackernews · 2026-07-13
- Lessons Learned from CISA’s Recent GitHub Leakkrebs · 2026-07-13
- June 2026 Threat Trend Report on APT Groupsahnlab · 2026-07-13
- Effective Patch Management Strategies: 7 Best Practices | Huntresshuntress · 2026-07-13
- [dragonforce] Nicholson y Cano Abogados posted to leak siteransomware_live · 2026-07-13
- Trusting your kids online isn’t enough (Lock and Code S07E14)malwarebytes_blog · 2026-07-13
- Lidl discloses online shop breach after service provider hackbleepingcomputer · 2026-07-13
- Breach at the Beach: Play the Ultimate Entra ID CTFbleepingcomputer · 2026-07-13
- Why cloud security is mission-critical for federal civilian and defense agenciestenable · 2026-07-13
- New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Emailthehackernews · 2026-07-13
- UK charges suspects linked to Russian Coms call spoofing platformbleepingcomputer · 2026-07-13
- [akira] Ironmark posted to leak siteransomware_live · 2026-07-13
- Ghostcommit attack hides malicious AI instructions in imagesmalwarebytes_blog · 2026-07-13
- 13th July – Threat Intelligence Reportcheckpoint_research · 2026-07-13
- Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theftthehackernews · 2026-07-13
- Introducing Precursor: detecting agentic behavior with continuous client-side signalscloudflare_security · 2026-07-13
- Threat Actors Achieve Persistence After SQL Injectionhuntress · 2026-07-13