ZDI-26-227: OpenClaw Canvas Path Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenClaw. Authentication is required to exploit thi...
Threat Intelligence Feed
Aggregating 5679 articles from trusted cybersecurity sources
Latest News
AI Threat Landscape Digest January-February 2026
KEY FINDINGS AI-assisted malware development has reached operational maturity.VoidLink framework, which is modular, professionally engineered, and fully func...
New Wave of AiTM Phishing Targets TikTok for Business
Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages
TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware
Quantum Computing Threat to Encryption Is Closer Than Expected, Warns Google
‘Q-Day’ and the cybersecurity problems it brings could come as early as 2029 as Google accelerates its post-quantum cryptography migration
UK Cracks Down on Chinese Crypto Marketplace for Funding Southeast Asia Scam Hubs
The UK government has sanctioned Xinbi, described as “the second-largest illicit online marketplace ever”
RSAC 2026 wrap-up – Week in security with Tony Anscombe
This year, AI agents took the center stage – as a defensive capability, but more pressingly as a risk many organizations haven't caught up with
A cunning predator: How Silver Fox preys on Japanese firms this tax season
Silver Fox is back in Japan, spoofing tax and HR emails timed to the one season when no one thinks twice about opening them
World Leaks data extortion: What you need to know
World Leaks is a cyber extortion operation that steals sensitive data from organizations and threatens to leak it via the dark web if a ransom is not paid. R...
Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code
Security researchers from Georgia Tech have observed a surge in reported CVEs for which the flaw was introduced by AI-generated code
Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds
Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study
EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts
EtherRAT hides C2 in Ethereum smart contracts via EtherHiding, steals wallets and credentials
Data Breaches
Klue breach exposed Salesforce CRM data through stolen OAuth tokens
An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce and other platforms, and accessed ...
22nd June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 22nd June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Texas Park...
Texas Parks and Wildlife Data Breach Affects Over 3M License Customers
Around 3 million Texas licence holders face a data breach after hackers targeted a third-party vendor, exposing driver's licences and passport numbers.
Klue Breach Enables Hackers to Compromise Cybersecurity Firms via OAuth Tokens
At least five cybersecurity firms confirmed they have been affected by a breach of business intelligence platform Klue via Salesforce integration
Texas Parks & Wildlife Data Breach Affects 3 Million Individuals
Hackers stole personal information after breaching the systems of a third-party license vendor serving TPWD. The post Texas Parks & Wildlife Data Breach Affe...
Inside GentleKiller: The EDR-Killer Powering The Gentlemen
The Gentlemen equips affiliates with a centralized EDR-killer suite, rapidly weaponizing BYOVD exploits to disable security tools before ransomware attacks. ...
Inside GentleKiller: The EDR-Killer Powering The Gentlemen
The Gentlemen equips affiliates with a centralized EDR-killer suite, rapidly weaponizing BYOVD exploits to disable security tools before ransomware attacks. ...
MDR Provider Comparison: Time to Discover and Respond to Threats
A detailed MDR provider comparison covering tiers, response speed, coverage, threat intelligence, pricing, and breach warranties to help you choose.
Texas TPWD Vendor Breach Exposes 3 Million Customer Records
Texas Cyber Command has disclosed a massive third-party data breach affecting the Texas Parks and Wildlife Department (TPWD), exposing the personal records o...
CISA Warns of Active Exploitation Following FortiBleed Leak
FortiBleed exposed credentials for 74,000 Fortinet devices, with attackers actively exploiting the leak to target systems worldwide. On June 18, CISA issued ...
Klue OAuth breach victim list grows as Icarus hackers claim attack
Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to custo...
Texas govt data breach exposes over 3 million driver’s licenses
The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its license system vendor that exposed personal information for more than three mil...