Latest Intelligence

SecurityScorecard Snags Driftnet to Level Up Threat Intelligence
The acquisition looks to boost visibility into third-party ecosystems, which are becoming a bigger concern as vectors for supply chain attacks....

Maximum Severity Cisco SD-WAN Bug Exploited in the Wild
This is the second time this year a threat actor has leveraged a CVSS 10.0 vulnerability in Cisco's network control system....

Congress Puts Heat on Instructure After Canvas Outage
The House Committee on Homeland Security sent a letter about the Canvas cyberattack, the same day that the edtech company said it reached an "agreement" with th...

Sandworm Hackers Pivot From Compromised IT Systems Toward Critical OT Assets
A Russian state-sponsored hacking group known as Sandworm has been caught making a calculated pivot from compromised IT networks into operational technology sys...

Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks th...

Chinese APT Hackers Exploit Microsoft Exchange to Breach Energy Sector Network
A Chinese state-linked hacking group known as FamousSparrow has quietly infiltrated an Azerbaijani oil and gas company, exploiting an unpatched Microsoft Exchan...

OpenAI confirms security breach in TanStack supply chain attack
OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company...

Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026
On the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique zero-days...

New Malware Framework Enables Screen Control, Browser Artifact Access, and UAC Bypass
A newly uncovered malware framework is raising serious alarms across the cybersecurity community. Researchers have identified a previously unknown implant calle...

node-ipc npm Package with 822K Weekly Downloads Compromised in Supply Chain Attack
A widely used JavaScript inter-process communication library has been weaponized again. Socket and StepSecurity have confirmed that three newly published versio...

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited att...

Anthropic’s Mythos AI Reportedly Found macOS Vulnerabilities that Could Bypass Apple Security
Security researchers at Calif, a Palo Alto-based cybersecurity firm, have used techniques derived from an early version of Anthropic’s secretive Mythos AI...

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc. According to Soc...

Hackers Compromise 170 npm Packages to Steal GitHub, npm, AWS, and Kubernetes Secrets
A sprawling supply chain attack has put software developers worldwide on high alert after hackers compromised more than 170 npm packages and two PyPI packages i...

Critical Canon MailSuite Vulnerability Enables Remote Code Execution Attacks
Enterprise email infrastructure remains one of the most critical and vulnerable targets for cybercriminals. A highly severe security flaw has just been discover...

TeamPCP and BreachForums Hackers Running $1,000 Contest for Supply Chain Attacks
The cybercrime underworld is turning open-source supply chain attacks into a twisted competition. After months of infiltrating security tools and CI/CD pipeline...

'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine
Attackers uniquely fingerprint victims before delivering spear-phishing payloads aimed at espionage, in the latest campaign from the Belarussian nation-state th...

Microsoft: Russian hackers evolved Kazuar malware into stealthy P2P botnet
“Kazuar,” a long-running malware platform linked to the Russian state-sponsored threat group Secret Blizzard, has evolved into a stealthy peer-to-peer botnet de...

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain...

18-year-old NGINX vulnerability allows DoS, potential RCE
An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certa...