Global Threat Level
ELEVATED

Latest Intelligence

CRITICAL
Breaches

EU logistics giant confirms 12 TB data exfiltration by LockBit 5.0 affiliate

The threat actor is demanding €40M. A leaked sample contains customer contracts, OT diagrams and Active Directory dumps.

A. Shevchuk · 3h ago 6 min
CRITICAL
CVEs

CVE-2026-31872: pre-auth RCE in Apache Stratos with public exploit code

A patch is available, yet roughly 14,000 internet-facing instances remain unpatched. Proof-of-concept code was weaponized within 18 hours of disclosure.

O. Bondar · 5h ago 4 min
HIGH
Ransomware

Cl0p resurfaces with MOVEit-style zero-day campaign targeting MFT vendors

Initial victims include three Fortune 500 firms across healthcare and finance. The group has threatened leak-site disclosure by Friday.

M. Petrenko · 7h ago 5 min
HIGH
APT

Lazarus pivots to npm supply-chain attacks with 47 malicious packages catalogued

Post-install hooks pull a Go-based loader. Observed targets include Web3 developers and DeFi protocol maintainers.

S. Volkov · 9h ago 7 min
MEDIUM
Policy

CISA emergency directive ED-26-04 mandates Exchange patching by Friday

Federal civilian agencies have 72 hours to apply mitigations or take affected services offline.

I. Kovach · 11h ago 3 min
HIGH
CVEs

Three Ivanti EPMM flaws added to CISA KEV with chained exploitation observed

CVE-2026-22014, -22015 and -22016 enable authentication bypass and remote code execution on mobile management consoles.

D. Hrytsenko · 14h ago 4 min
MEDIUM
Breaches

Healthcare provider notifies 2.3M patients after MOVEit-related breach

Stolen data includes SSNs, insurance IDs and clinical notes. The provider is offering 24 months of free credit monitoring.

K. Romaniuk · 1d ago 3 min
HIGH
APT

Scattered Spider returns with helpdesk-vishing playbook v3

New tradecraft chains deepfake voice samples, MFA-fatigue and SIM-swap inside a 22-minute window.

M. Petrenko · 1d ago 8 min
MEDIUM
Ransomware

BlackBasta affiliate leaks builder source code on a Russian forum

Defenders have gained visibility into the AES-CTR scheme; YARA signatures were published within six hours of the leak.

A. Shevchuk · 2d ago 6 min
LOW
Policy

EU AI Cybersecurity Act passes: what changes for vendors in January 2027

New requirements include mandatory red-team testing, model-card disclosures and post-deployment incident reporting timelines.

I. Kovach · 2d ago 9 min
HIGH
CVEs

Critical use-after-free in libwebp resurfaces in Electron 31 stable

Slack, Discord and Signal desktop apps are affected. Recommended mitigation: disable preview rendering until patches ship.

O. Bondar · 3d ago 5 min
HIGH
Breaches

Cloud SaaS vendor exposes 8.2B records via misconfigured Elasticsearch

Researcher disclosure: the snapshot was publicly indexed for 11 days before remediation. Customer notifications are underway.

K. Romaniuk · 3d ago 4 min

Deep Dive · Analysis

Threat Actor

Inside Scattered Spider: TTPs, infra, and 2026 retainer playbook

A full breakdown of social-engineering tradecraft, helpdesk impersonation flows, and the SIM-swap toolchain still in active use.

By M. Petrenko 14 min read
Defense

Detection engineering for living-off-the-land binaries in 2026

Sigma rules, Sysmon configs and the EDR blind spots every SOC analyst should know, complete with sample playbooks.

By I. Kovach 11 min read