Archive · daily briefs
All daily briefs
Every published brief, newest first · one page per UTC day. For the rolling window view, read the live brief.
Sun 05 Jul 2026CTI Daily Brief · 2026-07-05cve-search patches a pre-auth flaw that reads admin credential hashes via /fetch_cve_data2 findingsSat 04 Jul 2026CTI Daily Brief · 2026-07-04PamStealer impersonates the Maccy clipboard app and confirms a stolen macOS password through pam_authenticate before sending it4 findingsFri 03 Jul 2026CTI Daily Brief · 2026-07-03CVE-2026-57517 — Control Web Panel: pre-auth SQLi to RCE via INTO DUMPFILE (CVSS 9.8)7 findingsThu 02 Jul 2026CTI Daily Brief · 2026-07-02Kemp LoadMaster CVE-2026-8037 — exploitation attempts confirmed the day the PoC dropped10 findingsWed 01 Jul 2026CTI Daily Brief · 2026-07-01Nissan is the largest named victim yet in the ShinyHunters Oracle PeopleSoft campaign8 findingsTue 30 Jun 2026CTI Daily Brief · 2026-06-30CVE-2026-48558 — SimpleHelp RMM: OIDC SSO authentication bypass, actively exploited11 findings · 1 criticalMon 29 Jun 2026CTI Daily Brief · 2026-06-29Gogs CVE-2026-52806 moves from "no observed exploitation" to active cryptojacking campaign3 findingsSun 28 Jun 2026CTI Daily Brief · 2026-06-28Keycloak JWT algorithm confusion (CVE-2026-11800): forging federated identity in the EU public sector's dominant IdP9 findingsSat 27 Jun 2026CTI Daily Brief · 2026-06-27Miasma / "Mini Shai-Hulud" npm worm runs a new wave across LeoPlatform/RStreams packages15 findingsFri 26 Jun 2026CTI Daily Brief · 2026-06-26Mandiant publishes the forensic reconstruction behind Cisco SD-WAN Manager CVE-2026-202456 findingsThu 25 Jun 2026CTI Daily Brief · 2026-06-25"Cordyceps" — the GitHub Actions pull_request_target pwn-request class is still widely exploitable at scale7 findingsWed 24 Jun 2026CTI Daily Brief · 2026-06-24Ubiquiti UniFi OS triple-flaw chain to unauthenticated root (CVE-2026-34908 / -34909 / -34910)11 findingsTue 23 Jun 2026CTI Daily Brief · 2026-06-23SonicWall CVE-2024-40766: why patched firewalls keep falling to Akira and Fog9 findingsMon 22 Jun 2026CTI Daily Brief · 2026-06-22AryStinger: a reconnaissance-and-proxy botnet built on end-of-life D-Link routers and QNAP NAS4 findingsSun 21 Jun 2026CTI Daily Brief · 2026-06-21Prinz Eugen: a Go-based encryptor that targets recent files first and leaves no ransom note9 findingsSat 20 Jun 2026CTI Daily Brief · 2026-06-20PTC Windchill CVE-2026-12569: unauthenticated Java deserialization to RCE on the PLM management plane10 findings · 1 criticalFri 19 Jun 2026CTI Daily Brief · 2026-06-19Nightmare/Chaotic Eclipse zero-day wave — the Defender LPE now carries a CVE, a public PoC, and Microsoft's "Exploitation More Likely" rating, with no11 findingsThu 18 Jun 2026CTI Daily Brief · 2026-06-18Mastra npm supply-chain compromise (easy-day-js)9 findingsWed 17 Jun 2026CTI Daily Brief · 2026-06-17CVE-2026-48907 — Widget Factory Joomla Content Editor (JCE) before version 2.9.99.5: unauthenticated profile-import → PHP RCE (CVSS v4 10.0)12 findings · 1 criticalTue 16 Jun 2026CTI Daily Brief · 2026-06-16Council of Europe named as a victim of the Oracle PeopleSoft (CVE-2026-35273) campaign12 findingsMon 15 Jun 2026CTI Daily Brief · 2026-06-15FBI "Operation Ghost Hook" seizes the Outsider PhaaS infrastructure Google had sued2 findingsSun 14 Jun 2026CTI Daily Brief · 2026-06-14Ivanti Sentry CVE-2026-10520 — exploitation confirmed in the wild, gateways backdoored8 findings · 1 criticalSat 13 Jun 2026CTI Daily Brief · 2026-06-13Oracle PeopleSoft CVE-2026-35273 attributed to ShinyHunters; confirmed zero-day, 100+ victims, education sector hit hardest10 findings · 1 criticalFri 12 Jun 2026CTI Daily Brief · 2026-06-12ShinyHunters PeopleSoft campaign — Oracle confirms CVE-2026-35273 and ships an out-of-band patch; Nottingham quantifies 455,000 records12 findings · 1 criticalThu 11 Jun 2026CTI Daily Brief · 2026-06-11ShinyHunters Oracle PeopleSoft campaign: gadget-chain access, SSH default-credential lateral movement, mass exfiltration8 findingsWed 10 Jun 2026CTI Daily Brief · 2026-06-10CVE-2026-44748 — SAP June Patch Day: SAML XML Signature Wrapping in NetWeaver AS ABAP (CVSS 9.9) plus an unauth RFC kernel memory-corruption (CVSS 9.820 findingsTue 09 Jun 2026CTI Daily Brief · 2026-06-09CVE-2026-50751 — Check Point Security Gateway: IKEv1 VPN authentication bypass, actively exploited by a Qilin affiliate9 findings · 1 criticalMon 08 Jun 2026CTI Daily Brief · 2026-06-08CVE-2026-49200 / CVE-2026-49201 — Acer Wave-7 mesh routers: cleartext-credential log + hardcoded backup key, CVSS 10.0, no patch6 findingsSun 07 Jun 2026CTI Daily Brief · 2026-06-07Keycloak 26.6.3: privilege escalation via OAuth token-exchange and SSRF in the EU public sector's reference identity platform6 findingsSat 06 Jun 2026CTI Daily Brief · 2026-06-06Luna Moth / Silent Ransom Group (UNC3753): vishing-to-physical-access data-theft extortion against legal and professional services8 findingsFri 05 Jun 2026CTI Daily Brief · 2026-06-05Redis CVE-2026-23479: a public use-after-free→GOT-overwrite RCE in a database 80% of cloud estates run passwordless9 findingsThu 04 Jun 2026CTI Daily Brief · 2026-06-04HTTP/2 Bomb (CVE-2026-49975): a single-connection memory-exhaustion DoS against every major web server14 findingsWed 03 Jun 2026CTI Daily Brief · 2026-06-03Linux cgroups v1 release_agent container escape (CVE-2022-0492) re-enters active exploitation10 findingsTue 02 Jun 2026CTI Daily Brief · 2026-06-02Windows Netlogon CVE-2026-41089 moves from "patch-available" to actively exploited11 findings · 1 criticalMon 01 Jun 2026CTI Daily Brief · 2026-06-01Italy's low-cost commercial spyware economy: Accessibility-API abuse as the cheap alternative to zero-days3 findingsSun 31 May 2026CTI Daily Brief · 2026-05-31Cisco Talos maps the DICOM-format attack surface against Orthanc PACS — network-ingested medical images as a heap out-of-bounds-write primitive4 findingsSat 30 May 2026CTI Daily Brief · 2026-05-30CVE-2026-0257 — Palo Alto PAN-OS GlobalProtect: Pre-Auth Authentication Bypass via Certificate Reuse14 findings · 1 criticalFri 29 May 2026CTI Daily Brief · 2026-05-29CVE-2026-9170 — IBM HTTP Server / WebSphere Application Server: pre-auth RCE via improper input validation (CVSS 9.8)16 findingsThu 28 May 2026CTI Daily Brief · 2026-05-28Nx Console / TanStack / DAEMON Tools supply-chain cascade lands three CISA KEV entries12 findingsWed 27 May 2026CTI Daily Brief · 2026-05-27Tycoon 2FA after the March 2026 takedown: two-tier AiTM operator architecture and the OAuth device-code variant6 findingsTue 26 May 2026CTI Daily Brief · 2026-05-26Lazarus "RemotePE": a three-stage memory-only RAT that unhooks EDR and blinds ETW7 findingsMon 25 May 2026CTI Daily Brief · 2026-05-25ShinyHunters lists Charter Communications (Spectrum) — telco victim in the Salesforce-credential campaign5 findingsSun 24 May 2026CTI Daily Brief · 2026-05-24Packagist supply-chain wave: Laravel-Lang autoloader backdoor and the cross-ecosystem postinstall strand7 findingsSat 23 May 2026CTI Daily Brief · 2026-05-23Drupal CVE-2026-9082 — CISA KEV addition + active exploitation confirmed; NCSC.ch flips post 12584 to "Actively exploited"13 findings · 1 criticalFri 22 May 2026CTI Daily Brief · 2026-05-22CVE-2026-34926 — Trend Micro Apex One On-Premise: post-auth directory traversal by admin-credential holder injects code deployed fleet-wide to all man10 findings · 1 criticalThu 21 May 2026CTI Daily Brief · 2026-05-21Verizon 2026 DBIR: vulnerability exploitation overtakes credentials as primary breach vector for the first time in 19 years10 findingsWed 20 May 2026CTI Daily Brief · 2026-05-20Prepare emergency Drupal patch window for today 17:00–21:00 UTC16 findings · 1 criticalTue 19 May 2026CTI Daily Brief · 2026-05-19TeamPCP / Shai-Hulud — first copycat wave (Phantom Bot + SSH/cloud stealers), Checkmarx Jenkins plugin trojanised again, PCPJack rival worm hits expos11 findingsMon 18 May 2026CTI Daily Brief · 2026-05-18CVE-2026-42897 Exchange OWA — EM Service auto-mitigation depends on outbound connectivity to officemitigations.microsoft.com5 findings · 1 criticalSun 17 May 2026CTI Daily Brief · 2026-05-17Pwn2Own Berlin 2026: Master-of-Pwn outcomes, the new AI Agents category, and the compound-Exchange-threat picture for European defenders7 findingsSat 16 May 2026CTI Daily Brief · 2026-05-16CVE-2026-42897 — Microsoft Exchange Server 2016 / 2019 / SE: stored XSS in OWA, actively exploited, no permanent patch9 findings · 1 criticalFri 15 May 2026CTI Daily Brief · 2026-05-15CVE-2026-20182 — Cisco Catalyst SD-WAN Controller/Manager: pre-auth authentication bypass enabling full fabric takeover12 findings · 1 criticalThu 14 May 2026CTI Daily Brief · 2026-05-14FamousSparrow Three-Wave Intrusion of an Azerbaijani Energy Operator: ProxyNotShell Re-exploitation and a Wave-1 DLL-Sideload Loader That Overrides Tw6 findingsWed 13 May 2026CTI Daily Brief · 2026-05-13Mini Shai-Hulud — TeamPCP worm hits TanStack, UiPath, Mistral AI, OpenSearch (160+ package versions)15 findingsTue 12 May 2026CTI Daily Brief · 2026-05-12GTIG AI Threat Tracker (May 2026): First Confirmed AI-Generated Zero-Day Exploit ITW and the Behavioural Class of AI-Augmented Malware8 findingsMon 11 May 2026CTI Daily Brief · 2026-05-11Dirty Frag — Microsoft confirms limited in-the-wild exploitation; Red Hat, NCSC.ch, CCB Belgium publish coordinated advisories5 findingsSun 10 May 2026CTI Daily Brief · 2026-05-10cPanel/WHM second emergency TSR in 10 days — embargo lifted on CVE-2026-29202 (post-auth Perl RCE, CVSS 8.8), CVE-2026-29203 (CVSS 8.8), CVE-2026-292012 findingsSat 09 May 2026CTI Daily Brief · 2026-05-09Ivanti EPMM CVE-2026-5787 / CVE-2026-6973 — KEV deadline TOMORROW (2026-05-10); EU victim organisations named; 508 internet-exposed EU instances16 findingsFri 08 May 2026CTI Daily Brief · 2026-05-08CVE-2026-0300 (PAN-OS Captive Portal unauthenticated root RCE): CISA KEV deadline is today (2026-05-09); no patch until 2026-05-1316 findingsThu 07 May 2026CTI Daily Brief · 2026-05-07Quiet window · the run record is the artifact.run record onlyWed 06 May 2026CTI Daily Brief · 2026-05-06Quiet window · the run record is the artifact.run record only